Sounds like the Google Play Store should do this same type of testing prior to approval.
Slapdash SSL code puts tons of top Android Play Store apps in hack peril
Sloppy programming, poor patching, and unreliable trust engines are rife within Android apps, according to a new study. In short, millions of smartphone users are potentially wide open to man-in-the-middle attacks, it's claimed. Researchers at security firm FireEye went through the 1,000 most popular Android applications from the …
COMMENTS
Thursday 21st August 2014 04:47 GMT mirobaka
Google Play has no approval process, so tests like this can't be part of it. :)
I wonder, though, whether the Apple approval process includes testing for weak SSL checking. From my understanding there's no real security testing done as part of Apple's approval process. It would be interesting to see the results of the same test being done against the top 10,000 iOS apps; I would expect much the same result.
After all, if there is one consistency between iOS and Android, it's poorly coded apps.
-
Thursday 21st August 2014 05:36 GMT codebeard
> Google Play has no approval process, so tests like this can't be part of it. :)
Google does have an automated process for scanning apps for malware. It sounds like SSL tests should be part of that. Fortunately it's quite straightforward to run each app in a sandbox and attempt to MitM any outgoing SSL connections. If the app doesn't immediately close the connection, it should be considered vulnerable.
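The pass/fail rule from the comment above, as an added example that is not part of the thread: it classifies the bytes an app sends after a test proxy has shown it an untrusted certificate. It assumes TLS 1.2 or earlier, where the client's alert and ChangeCipherSpec records are visible in plaintext; `parse_records`, `verdict` and the sample streams are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
# Alert descriptions a client uses to refuse a certificate (RFC 5246, 7.2.2)
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

def parse_records(stream: bytes):
    """Yield (content_type, payload) for each complete TLS record in the stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype not in (20, 21, 22, 23) or pos + 5 + length > len(stream):
            break  # not TLS, or a record cut short when the connection closed
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def verdict(client_stream: bytes) -> str:
    """Classify what the app sent after being shown an untrusted certificate."""
    seen_hello = False
    for ctype, payload in parse_records(client_stream):
        if ctype == HANDSHAKE and not seen_hello:
            seen_hello = True  # ClientHello is sent before the certificate arrives
        elif ctype == ALERT and len(payload) == 2 and payload[0] == 2:
            name = CERT_ALERTS.get(payload[1], "alert_%d" % payload[1])
            return "rejected (%s)" % name
        elif ctype in (CHANGE_CIPHER_SPEC, APPLICATION_DATA):
            return "vulnerable"  # handshake continued past the bad certificate
    return "rejected (closed)" if seen_hello else "inconclusive"

def rec(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

# Constructed sample streams (client-to-proxy direction only), not real captures.
HELLO = rec(HANDSHAKE, b"\x01" + b"\x00" * 40)  # stand-in ClientHello body
SAMPLES = {
    "strict_app": HELLO + rec(ALERT, b"\x02\x30"),  # fatal alert, unknown_ca
    "trust_all_app": (HELLO + rec(HANDSHAKE, b"\x10" + b"\x00" * 20)
                      + rec(CHANGE_CIPHER_SPEC, b"\x01")
                      + rec(HANDSHAKE, b"\x00" * 40)
                      + rec(APPLICATION_DATA, b"\x00" * 32)),
    "silent_app": HELLO,  # closed the socket without sending an alert
}

if __name__ == "__main__":
    for app, stream in SAMPLES.items():
        print(app, "->", verdict(stream))
```

A stream that ends right after the ClientHello is counted as a rejection, matching the comment's "immediately close the connection" criterion; a capture cut short for other reasons would look the same.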
-
Thursday 21st August 2014 07:23 GMT Rich 2
Approval needed
My strong guess is that Apple's approval process consists mostly of making sure there's nothing in the app that will impact Apple's bottom line. Everything else, and that definitely includes security and privacy, is very much secondary.
Disclaimer: I have an iThingie. Ooo-errrr!
-
Thursday 21st August 2014 06:14 GMT Kanhef
Interesting statistics
Trust management problems in 73 percent of the top 1000 apps, but only 36% of the next 9,000 most popular apps. Webkit issues in 77% of the top 1000, but just 6% of the next 9,000. Why are the most-downloaded apps so much more prone to security problems than ones that aren't quite as popular?