Recently I started playing with password security applications in the Android market that claimed ‘reliable’ from the authors. I decided to focus on the applications that had 4 or more stars and a lot of downloads. Since these types of applications store sensitive data, I wanted to see how hard it was to obtain this [...]
Recently I started playing with password security applications in the Android market that claimed ‘reliable’ from the authors. I decided to focus on the applications that had 4 or more stars and a lot of downloads.
Since these types of applications store sensitive data, I wanted to see how hard it was to obtain this information assuming a handset was lost or stolen. The common denominator between all the popular apps were the use of a master password. Some of the apps stored master passwords locally while others stored them remotely. All the apps stored banking information, passwords, and credit card numbers.
With being able to turn off your SIM card if your phone is lost or stolen; its not as easy to change passwords to sites or notify banks of accounts that could have been compromised.
With such a major number of users adding Android MOD’s such as Cyanogen to their device, it greatly increases the risk of personal information being leaked when a phone is stolen or lost.
We have already started notifying vendors of the vulnerabilities we have found. Stay tuned as we start posting some of the results, you will be surprised at just how easy these applications could be compromised by attackers.
All Tags: Android Security, applications, banking information, compromise, credit cards, password, secure, Security, sensitive data, vulnerability
Leave Your Response