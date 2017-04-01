Hacker News
Pairings of Android apps that leak sensitive data (theatlantic.com)
64 points by peter_tonoli 72 days ago | 12 comments



The study is available here[0]. The gist is that an app can launder a request it isn't privileged to make through another app that is privileged and doesn't correctly check the intent sender. There are examples in Section 4.3.

[0]: http://people.cs.vt.edu/danfeng/papers/AsiaCCS-17-Yao.pdf


Maybe I'm reading it wrong, but a lot of the examples in section 4.3 look like one app inadvertently sending sensitive data to another app (in an intent object).

I.e. the receiving app is getting some sensitive data it isn't supposed to have but didn't ask for, and then handling it inappropriately (e.g. leaking it to a log).
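
Added example (not part of the thread, the paper, or its tooling): a simplified Python model of the two pairing patterns the comments above describe, an unprivileged sender reaching a permission-guarded operation through a receiver that does not check its caller, and a sender placing sensitive data in an intent that the receiver writes to a sink. All app names, intent actions and fields are constructed for illustration; a real analysis derives them from manifests and bytecode.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Send:                      # an implicit intent an app emits
    action: str
    carries: Optional[str] = None    # permission guarding the data placed in extras

@dataclass(frozen=True)
class Component:                 # an exported component that receives intents
    action: str
    uses: Optional[str] = None       # permission-guarded operation run on receipt
    checks_caller: bool = False      # does it verify the sender holds `uses`?
    sink: Optional[str] = None       # where received extras end up, e.g. "log"

@dataclass
class App:
    name: str
    perms: set
    sends: list = field(default_factory=list)
    exported: list = field(default_factory=list)

def find_pairings(apps):
    """Return (kind, sender, receiver, permission, sink) for each risky pair."""
    out = []
    for src in apps:
        for dst in apps:
            if src is dst:
                continue
            for s in src.sends:
                for c in (c for c in dst.exported if c.action == s.action):
                    # Receiver obtains data it has no permission for and sinks it.
                    if s.carries and s.carries not in dst.perms and c.sink:
                        out.append(("data_leak", src.name, dst.name, s.carries, c.sink))
                    # Sender reaches an operation it lacks the permission for.
                    if (c.uses and c.uses in dst.perms and c.uses not in src.perms
                            and not c.checks_caller):
                        out.append(("privilege_escalation", src.name, dst.name, c.uses, None))
    return out

# Constructed sample apps (hypothetical package names and actions).
APPS = [
    App("com.example.locator", {"ACCESS_FINE_LOCATION"},
        sends=[Send("com.example.SHOW_NEARBY", carries="ACCESS_FINE_LOCATION")]),
    App("com.example.widgets", set(),
        exported=[Component("com.example.SHOW_NEARBY", sink="log")]),
    App("com.example.flashlight", set(), sends=[Send("com.example.SEND_MESSAGE")]),
    App("com.example.messenger", {"SEND_SMS"},
        exported=[Component("com.example.SEND_MESSAGE", uses="SEND_SMS")]),
    App("com.example.messenger_fixed", {"SEND_SMS"},
        exported=[Component("com.example.SEND_MESSAGE", uses="SEND_SMS", checks_caller=True)]),
]

if __name__ == "__main__":
    for finding in find_pairings(APPS):
        print(finding)
```

The receiver that sets `checks_caller` is not reported, which is the fix the first comment points at: the privileged app verifies the sender before acting on the intent.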


Or in other words: There are 35 apps that can leak your data to tons of other apps. However, we're not going to tell you which ones.


Also... MUSLIMS! In case you weren't suitably terrified by the meaningless large numbers


In no way does it imply you should be scared of the Muslims.

In the example given, it is the Muslims who should be scared.


> In no way does it imply you should be scared of the Muslims.

It's not implying that you should, it is expecting that you are. It’s a FUD article touting b.s. numbers to boost the impression of vulnerability, and of the 35-ish problem apps they chose to describe the one that’s a Muslim prayer app. Why not choose a stopwatch app or a flappy bird clone or literally ANY of the other ones? Because they are depending on your preexisting, generalized fear of Muslims.

> In the example given, it is the Muslims who should be scared.

Yes, I agree. Not only are they the victims of poorly written apps, they are also the victims of poorly written news.


I only use Nexus and Pixel devices lately, so I'm not sure if this is available on all devices, but for apps that I have any worries about (e.g. 100% of games) I have a second user, on an empty gmail account created purely for that purpose, that I switch over to. It takes less than three seconds to switch accounts, I game and get the diversion, and then switch back. The downside is that I don't get notifications, and some privileged info is still available to the apps (although I block the ability to make calls or send texts to the other number, etc), but it does greatly reduce the surface area of the exposure.


For anyone looking for the dataset:

https://amiangshu.com/dialdroid/


FUSE does this. https://formal.tech/products/fuse


Here's a graph. http://fuse.galois.com/nexus4/visualization/


It is not at all clear what this graph is meant to represent.


Is there a list of the apps anywhere?



