Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Can an "app with Malware" access my Google Authenticator credentials? Or read my screen while I am viewing them?


Google auth credentials: not without root (which malware might get if your device isn't up to dage ons security patches)

Read screen: not without permission, even then not on protected screens, unless the malware has gained root access

If the app doesn't get root, the Android sandbox should protect you sufficiently against attacks on the key store of Google Authenticator.

However, if you copy the code to the device clipboard, the malware might read the code from there.


I believe my phone was compromised via CamScanner, and I factory reset my phone, changed the passwords to every account I used on my phone, and rotated every entry in my TOTP app. Not sure if any of that was necessary, but better safe than sorry as far as I'm concerned.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: