Friday, October 24, 2014
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

By
From page A6 | April 24, 2013 |

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

[ File # csp9464113, License # 2568991 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / savcoco

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service

Comments

comments

.

News

A-Z: Downtown Davis is the place to celebrate

By Kimberly Yarris | From Page: C1

 
Courageous Thompson tapped for cycling shrine

By Bruce Gallaudet | From Page: A1 | Gallery

 
UC researchers: How low-water can our landscapes go?

By Katie F. Hetrick | From Page: A1 | Gallery

Testimony begins in Winters murder trial

By Lauren Keene | From Page: A1 | Gallery

 
Hong Kong protesters to vote on staying in streets

By The Associated Press | From Page: A2

 
Cloud business lifts Microsoft’s quarterly results

By The Associated Press | From Page: A2

 
Scientists work to save endangered desert mammal

By Kat Kerlin | From Page: A3 | Gallery

Host families needed for students and teachers from Mexico

By Special to The Enterprise | From Page: A3

 
Halloween Dance set Friday for teens

By Enterprise staff | From Page: A3

Yoga and chanting workshop planned

By Enterprise staff | From Page: A3

 
Downtown menu: coffee, boba tea, dessert

By Wendy Weitzel | From Page: C3

Can you give them a home?

By Enterprise staff | From Page: A3 | Gallery

 
Video highlights Props. 1 and 2

By Special to The Enterprise | From Page: A4

‘Homeopathy at Home’ program planned

By Enterprise staff | From Page: A4

 
Celebrate origami at Davis library

By Enterprise staff | From Page: A4

Garden sale and open house features water-wise demos

By Special to The Enterprise | From Page: C4

 
Meet Poppenga at dog park Sunday

By Enterprise staff | From Page: A4

Day of the Dead folk art class set

By Enterprise staff | From Page: A4

 
Flea Market planned Sunday

By Enterprise staff | From Page: A4

Enjoy A Taste of Capay at historic ranch

By Enterprise staff | From Page: A4

 
Red-hot tunes set at Blues Harvest

By Enterprise staff | From Page: A4

Learn how to fill a cornucopia with flowers

By Enterprise staff | From Page: A4

 
Bay Bridge art project needs $4 million to keep shining

By San Francisco Chronicle | From Page: A5 | Gallery

Weir honored, a year early

By Enterprise staff | From Page: A5

 
Explorit: Poison-proof your home with free lecture

By Lisa Justice | From Page: A6

For a good cause

By Fred Gladdis | From Page: A6

 
Americans, internationals make connections

By Enterprise staff | From Page: A6

Sutter auxiliary seeks volunteers

By Special to The Enterprise | From Page: A7

 
School board hopefuls discuss homework policy

By Jeff Hudson | From Page: A7

Walkers welcome to join Sierra Club outings

By Enterprise staff | From Page: A9

 
Project Linus seeks donations

By Enterprise staff | From Page: A9

.

Forum

The magic is long gone

By Creators Syndicate | From Page: B5

 
Experience nature’s treasures

By Letters to the Editor | From Page: A10

 
Subs have other concerns

By Letters to the Editor | From Page: A10

Tom Meyer cartoon

By Debbie Davis | From Page: A10

 
What’s next with Ebola?

By Letters to the Editor | From Page: A10

More theories on the abstention

By Letters to the Editor | From Page: A10

 
Rights beget responsibilities

By Letters to the Editor | From Page: A10

Water returns to its source

By Letters to the Editor | From Page: A10

 
A solution to the drought

By Letters to the Editor | From Page: A10

.

Sports

Aggies expect a bonny meeting in Sacramento

By Bruce Gallaudet | From Page: B1

 
DHS footballers take on Pleasant Grove

By Enterprise staff | From Page: B1

Bye No. 2 comes at perfect time for nicked-up UCD

By Bruce Gallaudet | From Page: B1 | Gallery

 
Shhh. Are Aggie women BWC’s best-kept secret?

By Bruce Gallaudet | From Page: B1

Bump, set, playoffs: Blue Devil girls clinch spot in postseason

By Thomas Oide | From Page: B1 | Gallery

 
UCD roundup: Preseason awards roll in for Aggie hoopster Hawkins

By Enterprise staff | From Page: B2 | Gallery

 
Sharks suffer from road woes

By The Associated Press | From Page: B12

.

Features

.

Arts

DMTC plans ‘My Fair Lady’

By Special to The Enterprise | From Page: A11

 
Czech Philharmonic Orchestra to perform

By Enterprise staff | From Page: A11

Calling all artists for upcoming show

By Enterprise staff | From Page: A11

 
‘St. Vincent:’ Quite a character

By Derrick Bang | From Page: A11 | Gallery

Rumpledethumps to play at Village Homes Performers’ Circle

By Enterprise staff | From Page: A11 | Gallery

 
.

Business

 
Car Care: Five things to ask yourself when shopping for a new vehicle

By Special to The Enterprise | From Page: B7

.

Obituaries

Lewis Melvin Dudman

By Special to The Enterprise | From Page: A4

 
Ann Foley Scheuring

By Special to The Enterprise | From Page: A4

.

Comics

Comics: Friday, October 24, 2014

By Creator | From Page: B3