Friday , 21 September 2018
Home » NEWS » TOP 10 STORIES » Android apps prove a goldmine for dodgy password practices

Android apps prove a goldmine for dodgy password practices

An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default. Will Dormann, software vulnerability analyst at the CERT Coordination Center (CERT/CC), told the BSides conference in San Francisco that he’d scanned around 1.8 million Android apps and found shocking lapses in operational security in plenty of ’em. PGP keys, VPN codes and hardcoded admin passwords were all readily available.

View full story

ORIGINAL SOURCE: The Register

About Japonica Jackson

Japonica is head of editorial at IT Security Guru. If you'd like to get in touch with Japonica, please email editor@itsecurityguru.org.