Thousands of secret keys found in Android apps

There's a lot to love about the Android app marketplace, but there's a whole lot more to be wary of, chiefly that developers are not required to submit their apps to a review process before pushing them live on Google Play.
This can mean several things, one of which is that users can never be 100 percent certain that the app they are downloading is entirely secure. This has been confirmed once again by researchers Jason Nieh, professor of computer science, and Nicholas Viennot, PhD candidate, at Columbia University, who have performed a content analysis of apps on the store using PlayDrone, a scalable tool designed for the purpose.
PlayDrone uses "hacking techniques" to circumvent Google's security to download Google Play apps, and then recover and analyse their sources. It scales by simply adding more servers; in this way, it managed to decompile over 880,000 of the 1.1 million free apps it downloaded.
What Nieh and Viennot found was that developers often store their secret keys in their app software -- similar, the researchers said, to username and password data -- which can then be used to steal user data or resources from entities such as Amazon and Facebook. Even "Top Developers" promoted by Google Play have included these vulnerabilities in their apps.

Developers are also being contacted so that they can remove the secret keys from their source code.
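For developers checking their own code before publishing, here is an added example (not PlayDrone's code and not taken from the paper) of a scan over source files for embedded keys. The regular expressions, the entropy threshold of 4.2 and the function names are assumptions of this sketch; the sample key values are the placeholder credentials used in AWS documentation.

```python
import math
import re

# Heuristic patterns (assumptions of this example, not PlayDrone's rules).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A quoted literal of 20+ chars assigned to a name that suggests a credential.
SECRET_ASSIGN = re.compile(
    r'\b(\w*(?:secret|token|api_?key|password)\w*)\s*=\s*"([^"\s]{20,})"', re.I
)

def shannon_entropy(s):
    """Bits per character; random keys score high, words and URLs lower."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def redact(value):
    """Keep only enough of the value to locate it in the source."""
    return value[:4] + "*" * (len(value) - 4)

def find_embedded_secrets(sources, min_entropy=4.2):
    """sources maps file path -> text. Returns (path, line, kind, redacted)."""
    findings = []
    for path, text in sorted(sources.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in AWS_KEY_ID.finditer(line):
                findings.append((path, lineno, "aws-access-key-id", redact(m.group())))
            for m in SECRET_ASSIGN.finditer(line):
                name, value = m.group(1), m.group(2)
                if AWS_KEY_ID.fullmatch(value):
                    continue  # already reported by the key-id pattern
                if shannon_entropy(value) >= min_entropy:
                    findings.append((path, lineno, "high-entropy:" + name, redact(value)))
    return findings

# Constructed sample: the key values are the placeholders from AWS documentation.
SAMPLE = {
    "com/example/app/Uploader.java": (
        'class Uploader {\n'
        '  static final String ACCESS_KEY = "AKIAIOSFODNN7EXAMPLE";\n'
        '  static final String AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";\n'
        '  static final String API_KEY_HELP = "https://example.com/docs/keys";\n'
        '}\n'
    ),
}

if __name__ == "__main__":
    for finding in find_embedded_secrets(SAMPLE):
        print(*finding)
```

Any key this flags in a shipped build should be treated as exposed and rotated, not just deleted from the next release, since published APKs can still be decompiled.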
As for PlayDrone, its work isn't over: Nieh and Viennot believe that it can be used to provide insight into Android apps and improve the quality of Google Play. For example, the tool also found that roughly 25 percent of all free apps on Google Play are clones of other apps. This information could be used to help Google crack down on cloned content, which would be great news for developers who are creating original apps.
It also performed an analysis of the 10 best-rated and 10 worst-rated apps on the Google Play store, and found that even the worst-rated app -- a fake scale that purports to weigh whatever you place on your phone but only displays a random number -- has over a million downloads.
Of course, unless Google Play tightens up its policy around misleading apps, that titbit of information could work to decrease the quality of the app store...
You can read the full paper, "A Measurement Study of Google Play", online.

