Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Gingerbread owners may be at risk

Started by eyecre8 , Jan 29 2013 09:39 AM

security permissions gingerbread debugging

Please log in to reply

No replies to this topic

#1 eyecre8

Mod/News Team Leader

Moderator
108 posts

Google+:eyecre8
LocationOhio/Florida
Current Device(s):2 Razr's (xt912) & Asus TF700T

Posted 29 January 2013 - 09:39 AM

Please Login or Register to see this Hidden Content

118.47KB 39 downloads

It was recently found that Android's debugging feature could be used to steal information from apps running on an Android device. With a little effort, an app can be set up on Android to debug another running app.This debugging app would have access to all the information the debugged app has, so items like user names, passwords, and sensitive information are trivial to steal.

This vulnerability is only in version 2.3 (Gingerbread) or earlier. Practically all Android devices sold today run newer versions. Google’s own numbers indicate however that more than half of all Android devices in use still run these potentially older versions. Many devices were sold with Gingerbread even into 2012 – and will probably never receive an update to a newer Android version.

Please Login or Register to see this Hidden Content

19.37KB 35 downloads

Please Login or Register to see this Hidden Content

37.02KB 24 downloads

For an app to be vulnerable to being debugged it has to have been set to be debuggable in the first place. In general, debuggable versions of apps should not be released to the public.
(Approximately 5% of apps in the Top Free apps list are set to be debuggable, so the risk is not insignificant.)

Going forward, it would be a prudent idea for mobile developers to consider the security of their apps, not just their features and ease-of-use. Google should consider if it is possible to design Android in such a way that older devices can still receive security updates,

Independent of mobile service providers and device manufacturers. As usual, the message for users is clear: be careful what apps you end up downloading and using on your device. It’s quite possible that the “innocent” app you end up downloading could end up being malicious. It is very easy to mindlessly download an app, but some thought should be given to the permissions.

Via:

Please Login or Register to see this Hidden Content