
FEATURE

Malware Woes for Open Source App Distribution


February 5, 2013

As evolution impacts the mobile arena, malware threats and other factors are joining forces to cast doubt on traditional Open Source Android apps and their free-for-all distribution channels, which can lack substantial oversight and be rife with vulnerabilities.

For marketers of adult entertainment, Android’s huge audience cannot be ignored.

Statistics from mid-November show that Android’s market share is sharply rising, with Google’s OS powering more than 72 percent of smartphones sold in the past quarter — in comparison to competitor Apple’s iOS, which saw a nearly 14 percent share.

But the size of this market also makes it an attractive target for malicious attacks, such as those against the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, which are supposed to protect a user’s information but can be compromised when careless coders fail to take the proper precautions.

A recent report by university teams from Hannover and Marburg, Germany, entitled, “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,” finds that while many Android apps have a legitimate need to communicate over the Internet, potential security threats from apps that use the SSL/TLS protocols make sensitive data vulnerable during transit, and calls on Android developers to better protect information they transmit.

The report cites a lack of visual security indicators for SSL/TLS use and inadequate use of SSL/TLS as exploitable for launching Man-in-the-Middle (MITM) attacks.

The researchers used a tool known as MalloDroid to detect potential vulnerabilities to MITM attacks while targeting 13,500 free apps downloaded from Google’s Play Market.

Its analysis shows that while only 1,074 (8 percent) of the apps contained vulnerable SSL/TLS coding, they represent 17 percent of the apps containing HTTPS URLs — underscoring the false sense of security that an HTTPS link provides.

The team’s study also discovered various forms of SSL/TLS misuse during a manual audit of 100 selected apps and was then able to launch MITM attacks against 41 apps — successfully gathering “a large variety of sensitive data.”

According to the report, this included credentials for American Express, Diners Club, Facebook, Google, Microsoft Live, Paypal, Twitter, WordPress and Yahoo!, plus access to bank and email accounts, web servers and other supposedly secure environments.

Snooping wasn’t the only possibility the group found, however.

“We have successfully manipulated virus signatures downloaded via the automatic update functionality of an antivirus app to neutralize the protection or even to remove arbitrary apps, including the antivirus program itself,” the report claims, adding that it is “possible to remotely inject and execute code in an app created by a vulnerable app building framework.”

The team estimates that up to 185 million Android users are vulnerable to MITM attacks based on data from Google’s Play Market — and with the threat extending to the deactivation of antivirus systems, it is a threat that users and developers should heed.

The report also reveals the results of an online survey seeking to evaluate perceptions about certificate warnings and HTTPS visual security indicators. It finds that half of the respondents did not know how to tell if their Android browser session was protected by SSL/TLS — highlighting the social aspects of the security equation.

Vulnerability to MITM attacks and operator ignorance are only two of the problems facing Android app developers, who must now also contend with Google’s response to the app security issue — a reply that could include escalating restrictions on applications, as well as the new malware scanning procedures now underway on the Google Play Store — bringing the portal closer to the Draconian policies employed by Apple’s App Store.

For adult app developers who appreciate the libertine airs of the Open Source world, these growing restrictions might not be welcome news, and may further accelerate moves to Android-compatible websites and applications.

