10 replies to this topic

[mjs27541]

Please Login or Register to see this Hidden Content

 

Please Login or Register to see this Hidden Content

  1.05MB   33 downloads

 

     We've known for a while now that there are apps on the Play Store that don't perform proper security certifications over HTTPS, leaving them, and by extension you, vulnerable to man in the middle attacks, whereby you think you're interacting with a secure app server, but are really communicating with an attacker.  Using SSL certification over HTTPS is supposed to protect against this, but only when it's done properly.  Researchers at Carnegie Mellon University have begun to compile a list of apps available in the Play Store that either don't perform proper SSL certification, or worse, don't do it at all.  The list of vulnerable apps is 

Please Login or Register to see this Hidden Content

, prepare to be shocked at some of the names you see on this list.

 

Source:  CSOOnline.com (thanks cmh714!)

[androidlearner]

Tapatalk is on there...

[cmh714]

Yes, it is

[Thach]

Damn that's a lot, gonna take a while to look at them all lol.

[King Howie]

Kaspersky internet security is on there. Really? An internet security app isn't secure

[mjs27541]

Yeah I chuckled at that one. Even though it isn't really funny. But still.

[Gblake13]

So what's the recommened action for this security issue? There's an awful lot of apps to avoid.

Sent from my DROID RAZR HD using Xparent Cyan Tapatalk 2

[mjs27541]

I don't think there's anything you can do other than uninstall the apps

[KFTheTruth]

Canadian DMV....

 

Do you know if  this list going to be continually updated or is it just a study for a set period of time?

[mjs27541]

It's being updated periodically. There were new ones added since I originally posted this. The link in the OP takes you to the updated list.

[Daino92]

That's a way longer list than I would have thought.... I LoL'd when I saw Kerparsky on the list... lol