aivdesign

App security

4 posts in this topic

I'm a bit confused as to the security issues involved with installing apps. Firstly the passwords thing, there are many apps including instant messaging programs, personal assistant tools etc which all require you logging a password and username. They all look like networks not directly affiliated with the company/network I created my password on, for example there are message programs and email management tools that look like they could have been created by some guy in his garage, and certainly not affiliated with microsoft.... I am gusssing for these tools to work, microsoft and other networks provide some kind of gateway or server for developers to use? To send the login info etc and retrieve information. Even if it does seem to work, how do I know the developer is not also sending my account login details to himself or another, as well as the gateway for the network(microsoft or whatever). Could someone please clarify the relationship in which how these new apps connect to sensitve networks/accounts to retrive and send information. And the serucirty issues involved. Also say I wanted to create an app like this, that involved accounts on other networks... how would I go about it?

Secondly when installing apps and it says this one needs your contacts info, settings info etc, give permission? How much of a risk is this really... it is pretty vague. If I give an app permission to any of these things, does that mean immediately it is very easy for the app to get and send any of that data mentioned to anywhere it likes online, without me knowing about it? When I sync my phone to a google account I assume it stores the login details somewhere on my phone... could any apps steal this? Could apps also steal other files on my phone without me knowing about it?

I just want more clarity.

0

Share this post


Link to post
Share on other sites

http://www.androidguys.com/2010/01/11/rogu...id-marketplace/

*

It was recently discovered that an application on the Android Marketplace posing as a legitimate banking application was actually a cover for a phishing app attempting to gain user names and passwords. Although the malicious application was quickly identified and removed from the Android Marketplace it is still advised that you check your device for any applications

from developer “Droid09” and delete them immediately.

*

Relative to what I am saying.

Edited by aivdesign
0

Share this post


Link to post
Share on other sites

I have also been thinking about this, no one knows?

0

Share this post


Link to post
Share on other sites

It's the same as installing something on your computer, you should just be careful. Android shows what the application asks for access but it can't tell what it's going to do with this permission.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2016. MoDaCo uses IntelliTxt technology.