Tuesday, April 15, 2014
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

By
From page A6 | April 24, 2013 | Leave Comment

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

[ File # csp9464113, License # 2568991 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / savcoco

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service

LEAVE A COMMENT

Discussion | No comments

The Davis Enterprise does not necessarily condone the comments here, nor does it review every post. Read our full policy

.

News

Carlton Plaza: Home, sweet senior home

By Dave Ryan | From Page: A1, 3 Comments | Gallery

 
DTA votes for status-quo calendar

By Jeff Hudson | From Page: A1

UC Davis prof repeats history with Pulitzer

By The Associated Press | From Page: A1 | Gallery

 
Bob Poppenga enters school board race

By Jeff Hudson | From Page: A1, 3 Comments

 
Police warn of PG&E phone scam

By Lauren Keene | From Page: A2

 
Pets of the week

By Enterprise staff | From Page: A2 | Gallery

 
Top Democratic lawmaker backs off ‘carbon tax’

By The Associated Press | From Page: A2, 4 Comments

Monkey business

By Enterprise staff | From Page: A3, 1 Comment

 
Can you name these leaders?

By Special to The Enterprise | From Page: A3, 1 Comment

Allen will meet voters for coffee

By Enterprise staff | From Page: A3, 1 Comment

 
Take a bike tour of UCD’s Arboretum

By Enterprise staff | From Page: A3

 
‘My Father’s Garden’ author reads, signs

By Enterprise staff | From Page: A3

Support group for widows/widowers forms in Davis

By Enterprise staff | From Page: A3

 
Care planning workshops will begin Thursday

By Special to The Enterprise | From Page: A3

Swanson lawn signs available

By Enterprise staff | From Page: A3

 
Dancers to return to Quad for 42nd powwow

By Cory Golden | From Page: A3

Antidepressant use during pregnancy linked to autism

By Phyllis Brown | From Page: A4

 
Avid Reader to hold political, educational forums

By Enterprise staff | From Page: A4

Take a hike with the Sierra Club

By Special to The Enterprise | From Page: A4

 
Trek the mountains of Indonesia with Audubon speaker

By Special to The Enterprise | From Page: A4

View classic vehicles at the April Cruise-In

By Special to The Enterprise | From Page: A4

 
Paws for Thought: Dogs truly do make us healthier

By Evelyn Dale | From Page: A4 | Gallery

Hear poets at The Other Voice

By Enterprise staff | From Page: A4

 
Dr. G to host last show of the season

By Enterprise staff | From Page: A4

Bunny Run will benefit Yolo SPCA

By Enterprise staff | From Page: A5

 
Former resident returns for book-signing

By Enterprise staff | From Page: A10

.

Forum

Engaged to the party girl

By Special to The Enterprise | From Page: B5

 
Freeloader wants to return

By Special to The Enterprise | From Page: B5

 
Maintain good credit during college years

By Special to The Enterprise | From Page: A6, 1 Comment

Pat Oliphant cartoon

By Debbie Davis | From Page: A6

 
.

Sports

‘Boston Strong,’ meet ‘Davis Strong’ at Monday’s marathon

By Bruce Gallaudet | From Page: B1 | Gallery

 
Dufresnes are the Devils’ dynamic duo

By Dylan Lee | From Page: B1 | Gallery

Jaso’s HR lifts A’s over Angels

By The Associated Press | From Page: B1

 
Loss to McClatchy adds to DHS’ recent soccer woes

By Evan Ream | From Page: B1 | Gallery

 
Big AAA bats this week in Davis Little League

By Enterprise staff | From Page: B2

 
.

Features

Citrus Circuits wraps up regionals, heads to world championships

By Special to The Enterprise | From Page: A8

 
This little light of mine

By Anne Ternus-Bellamy | From Page: A8 | Gallery

What’s happening for youths

By Enterprise staff | From Page: A8

 
.

Arts

 
‘Old West’ opera to be screened at I-House

By Enterprise staff | From Page: A9

Madrigals, choir present NYC tour repertoire

By Enterprise staff | From Page: A9

 
Catch the Road Crew at Picnic in the Park

By Enterprise staff | From Page: A9 | Gallery

Cajun sounds to fill The Palms

By Enterprise staff | From Page: A9

 
Strong performances highlight ‘Visiting Mr. Green’

By Bev Sykes | From Page: A9 | Gallery

Spring Finale concert set for April 27

By Enterprise staff | From Page: A9

 
I See Hawks in L.A. to play at The Palms

By Enterprise staff | From Page: A9

.

Business

.

Obituaries

.

Comics

Comics: Tuesday, April 15, 2014 (set 1)

By Creator | From Page: B5

 
Comics: Tuesday, April 15, 2014 (set 2)

By Creator | From Page: B7