Many popular Android apps pose significant security threats, according to the Fraunhofer Institute for Secure Information Technology.



When we talk about security issues within mobile apps, we learn that developers or manufacturers take less time to implement the best security practices. As a result, because of the way the Secure Sockets Layer (SSL) protocol is used, attackers can steal sensitive access data. In other words, the vulnerability is introduced by an incorrect use of SSL. For those unfamiliar, Connectikpeople recalls that SSL is used to cryptographically protect the connection between apps and servers. This protection relies on public-key certificates: when receiving a certificate, apps are supposed to verify that it actually belongs to the server they want to communicate with.
But the researchers found that in the listed apps (Fraunhofer SIT tested a total of 2,000 Android apps), this verification is not done correctly. According to this survey, the risk depends on the specific app: with some apps only personal photos might be at risk; with banking apps, access data might be used for unauthorized money transfers. An especially grave risk may occur if apps use the single sign-on services of Google or Microsoft.
“For example, an attacker just needs to manipulate the communication that takes place while the victim is surfing via an unprotected WLAN, e.g., at an airport or in a restaurant. It is in these situations that the SSL encryption is supposed to ensure secure communication,” the survey said.
Connectikpeople therefore recommends that developers and manufacturers prioritize security best practices to remedy the weakness, and that users make sure they always update their apps to the newest version.
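The check described above, that a certificate actually belongs to the server the app wants to reach, as an added example that is not from Fraunhofer SIT or the original post. It is written in Python to show the logic, uses constructed certificates in the shape returned by `ssl.SSLSocket.getpeercert()`, and every host name and function name in it is hypothetical.

```python
import ssl

def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from a certificate with the host the app asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False                      # a wildcard covers exactly one label
    if p[0] == "*":
        # Accept a wildcard only as the whole left-most label of a name with
        # at least three labels, so "*.com" can never match.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_belongs_to(cert: dict, host: str) -> bool:
    """Correct check: some DNS subjectAltName must match the requested host."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(name_matches(n, host) for n in sans)

def flawed_check(cert: dict, host: str) -> bool:
    """Flawed pattern: any certificate is accepted, whatever name it carries."""
    return True

def verifying_context() -> ssl.SSLContext:
    """Platform defaults: chain validation plus the hostname check."""
    return ssl.create_default_context()

# Constructed sample certificates (hypothetical names, not real servers).
BANK_CERT = {"subjectAltName": (("DNS", "login.bank.example"),
                                ("DNS", "*.api.bank.example"))}
OTHER_CERT = {"subjectAltName": (("DNS", "hotspot.example"),)}

if __name__ == "__main__":
    wanted = "login.bank.example"
    for label, cert in (("bank", BANK_CERT), ("other", OTHER_CERT)):
        print(label, "flawed:", flawed_check(cert, wanted),
              "correct:", cert_belongs_to(cert, wanted))
```

The hand-written matcher only makes the name comparison visible; an app should leave verification to the platform's TLS stack with its defaults switched on, as `verifying_context()` does, since that also validates the certificate chain.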
