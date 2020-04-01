

Smartphone apps have 'backdoor secrets' for hackers: Study

PTI | New York | Updated: 01-04-2020 16:56 IST | Created: 01-04-2020 16:47 IST

A large number of cell phone applications contain hardcoded secrets allowing others to access private data, according to a study that may lead to new measures to improve smartphone cybersecurity. According to the study, accepted for publication by the 2020 IEEE Symposium on Security and Privacy, apps on mobile phones may have hidden or harmful behaviors about which end users know little to nothing.

Researchers, including Zhiqiang Lin from the Ohio State University in the US, said mobile apps generally engage with users by processing and responding to user input. As examples, Lin said that to prompt action on their phones, users often need to type certain words or sentences, click buttons, or slide screens.

In the study, the researchers evaluated 150,000 apps: 100,000 based on the number of downloads from the Google Play store, the top 20,000 from an alternative market, and 30,000 from pre-installed apps on Android smartphones. They found that 12,706 of those apps contained something the scientists called "backdoor secrets" -- hidden behaviors within the app that accept certain types of content to trigger behaviors unknown to regular users.

The researchers also found that some apps have built-in "master passwords," which allow anyone with that password to access the app and any private data contained within it. Some apps, they said, had secret access keys that could trigger hidden options, including bypassing payment.

"Both users and developers are all at risk if a bad guy has obtained these 'backdoor secrets,'" Lin said. Motivated attackers could reverse engineer the mobile apps to discover them, he added. Developers often wrongly assume reverse engineering of their apps is not a legitimate threat, added Qingchuan Zhao, another co-author of the study from the Ohio State University.

"A key reason why mobile apps contain these 'backdoor secrets' is because developers misplaced the trust," Zhao said. To truly secure their apps, he said, developers need to perform security-relevant user-input validations and push their secrets on the backend servers. "On many platforms, user-generated content may be moderated or filtered before it is published," Zhao said, adding that several social media sites, including Facebook, Instagram, and Tumblr, already limit the content users are permitted to publish on those platforms.

"Unfortunately, there might exist problems -- for example, users know that certain words are forbidden from a platform's policy, but they are unaware of examples of words that are considered as banned words and could result in content being blocked without users' knowledge," he said. "Therefore, end users may wish to clarify vague platform content policies by seeing examples of banned words," Zhao added.
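
The point Lin and Zhao make above, sketched as an added example that is not from the study or the article: a check against a hardcoded master password ships the secret inside the client, while a check performed on the backend ships none. Python stands in for the app code here, and the function names, the `Backend` class and the password values are constructed placeholders.

```python
import hashlib
import hmac
import os


# Weak pattern: the comparison value is compiled into the client.
def client_unlock_weak(user_input: str) -> bool:
    # Constructed placeholder; anyone holding the shipped artifact can read it.
    return user_input == "EXAMPLE-MASTER-PASSWORD"


def literals_shipped_in(func) -> set:
    """Audit helper: string constants embedded in a function's compiled code."""
    return {c for c in func.__code__.co_consts if isinstance(c, str)}


# Corrected pattern: the client only forwards input; the backend decides.
class Backend:
    """Stands in for a server the app would call over TLS (hypothetical)."""

    def __init__(self, password: str):
        self._salt = os.urandom(16)
        # Only a salted, slow hash is stored, never the password itself.
        self._digest = self._derive(password)

    def _derive(self, candidate: str) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"), self._salt, 200_000
        )

    def verify(self, candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(self._derive(candidate), self._digest)


def client_unlock_hardened(user_input: str, backend: Backend) -> bool:
    # No secret and no comparison literal lives in the client code.
    return backend.verify(user_input)


if __name__ == "__main__":
    backend = Backend("provisioned-on-server-only")  # constructed value
    print("literals in weak client:    ", literals_shipped_in(client_unlock_weak))
    print("literals in hardened client:", literals_shipped_in(client_unlock_hardened))
    print("hardened accepts old master:",
          client_unlock_hardened("EXAMPLE-MASTER-PASSWORD", backend))
```

Running the audit helper over a release build's own input handlers is a quick pre-ship check: any string literal that user input is compared against is visible to whoever has the app.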

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)
