Thursday, February 26, 2015
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

By
From page A6 | April 24, 2013 |

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

[ File # csp9464113, License # 2568991 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / savcoco

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service

Comments

comments

.

News

Ag secretary: Smartphones could tell what’s in food

By The Associated Press | From Page: A1 | Gallery

 
Child support is key to fighting poverty

By Anne Ternus-Bellamy | From Page: A1

Dodd pushes for help on water rates

By Dave Ryan | From Page: A1

 
Hope succumbs to despair as missing baby’s body found

By Lauren Keene | From Page: A1 | Gallery

 
Ukraine will start pulling back heavy weapons

By The Associated Press | From Page: A2

 
Gas drags consumer prices down 0.7%

By The Associated Press | From Page: A2

USDA grants will combat citrus greening disease

By Special to The Enterprise | From Page: A3

 
Davis Baha’is celebrate Festival of Ayyam-i-Ha

By Special to The Enterprise | From Page: A3

Breakfast with the Bunny tickets go on sale soon

By Enterprise staff | From Page: A3 | Gallery

 
Suit Up for Success program needs clothing donations

By Special to The Enterprise | From Page: A3Comments are off for this post

We All Have a Heritage program kicks off

By Enterprise staff | From Page: A4

 
Pedal around Davis on weekly bike ride

By Special to The Enterprise | From Page: A4

NAMI meets for potluck, discussion on March 4

By Special to The Enterprise | From Page: A4

 
Dillard, McNamara appointed to state ag board

By Special to The Enterprise | From Page: A4

Fourth of July concessionaires solicited

By Enterprise staff | From Page: A4

 
Purim Carnival celebrates freedom with fun

By Special to The Enterprise | From Page: A4 | Gallery

Davis Media Access: Updates from D.C. and closer to home

By Autumn Labbe-Renault | From Page: A5

 
UCD Center for Pain Medicine receives highest recognition

By Special to The Enterprise | From Page: A6

UC Davis students join international campaign

By Enterprise staff | From Page: A6

 
Wolk to chair Senate wine committee

By Special to The Enterprise | From Page: A7

.

Forum

A single vote really does count

By Tom Elias | From Page: B4

 
The Keystone veto: You want jobs? Try this

By Special to The Enterprise | From Page: B4

Tom Meyer cartoon

By Debbie Davis | From Page: B4

 
Lady Devils are truly a team

By Letters to the Editor | From Page: B4

Headlights on, please!

By Letters to the Editor | From Page: B4

 
Anything goes? Not really

By Letters to the Editor | From Page: B4

New couple needs boundaries

By Creators Syndicate | From Page: B5

 
.

Sports

Tired Aggies drop homestand finale, 4-2

By Bruce Gallaudet | From Page: B1 | Gallery

 
Blue Devil boys expect a spike in production

By Thomas Oide | From Page: B1 | Gallery

Familiar face leads Davis badminton into new era

By Evan Ream | From Page: B1 | Gallery

 
DHS golfers seek to repeat past success in new Delta League

By Kellen Browning | From Page: B1 | Gallery

DHS girls host another playoff matchup Thursday night

By Enterprise staff | From Page: B1

 
UCD basketball teams enter pressure-packed final 2 weeks

By Bruce Gallaudet | From Page: B1 | Gallery

Youth roundup: Davis rugby girls play Clayton Valley tough

By Enterprise staff | From Page: B2 | Gallery

 
Kings grind it out against Grizzlies

By The Associated Press | From Page: B10

.

Features

Eastham takes top spot in photo contest

By Anne Ternus-Bellamy | From Page: B3

 
College Corner: Is there such a thing as BOGO?

By Jennifer Borenstein | From Page: B3

Da Vinci students bring on the Roaring ’20s

By Kellen Browning | From Page: B3 | Gallery

 
What’s happening

By Anne Ternus-Bellamy | From Page: B3

Name Droppers: Sperling gets leadership position

By Enterprise staff | From Page: A6

 
Citrus in your garden and in the news

By Don Shor | From Page: A10 | Gallery

 
.

Arts

 
‘Dia de los Cuentos’ a delight for young viewers, and old

By Bev Sykes | From Page: A8 | Gallery

DMTC announces ‘Wizard of Oz’ auditions

By Enterprise staff | From Page: A8

 
Gallery hosts fundraiser Saturday

By Enterprise staff | From Page: A9

Sundays at I-House season kicks off with two popular bands

By Special to The Enterprise | From Page: A9 | Gallery

 
American Bach Soloists revisit monumental St. Matthew Passion

By Enterprise staff | From Page: A9 | Gallery

Free Range singers open season

By Special to The Enterprise | From Page: A9

 
The Blue Mango show reception set for Saturday

By Enterprise staff | From Page: A9

LaBute discusses his adaptation of Buchner’s ‘Woyzeck’

By Special to The Enterprise | From Page: A9

 
Camp Shakespeare 2015 planned

By Enterprise staff | From Page: A9

.

Business

.

Obituaries

Vernon E. Burton

By Special to The Enterprise | From Page: A4

 
Robert Hugh McWherter

By Special to The Enterprise | From Page: A4

.

Comics

Comics: Thursday, February 26, 2015

By Creator | From Page: B8