Android Exploit Allows Password Theft via One-Click Auth

[exfileme]

A researcher has discovered that Android weblogin tokens for Google services can be stolen and used by hackers.

Android Exploit Allows Password Theft via One-Click Auth : Read more

 

[Jeff Krogue]

You would have to be crazy to do anything secure on smartphones until they get more mature.

 

[Grandmastersexsay]

You would have to be crazy to do anything secure on smartphones until they get more mature.

You're safer doing something secure on a smartphone than on a Windows based computer.

There just aren't enough hackers going after smart phones compared to those going after Windows based platforms. Not even close. Not yet at least.

 

[pacomac]

The iOS fans are sniggering to themselves!

 

[jerm1027]

What really bugs me about these articles is that they don't state which versions of Android are affected. Not very informative.
I'm also noticing a common theme with these security vulnerabilities: lack of in-depth permission controls. It's either give the app all permissions it asks for, or don't install the app. I would like the ability to pick and choose which permissions to grant the app from which it asks for.

 

[okibrian]

Well well well, what do we have here? And it was published on Google Play for a good month you say too. That's funny. I guess your shit does stink.

 

[theclouds]

This is actually good news for Android because security vulnerability can be patched. No OS is impregnable, it really comes down to how less susceptible they are to exploits like this. Consider this relationship: The more popular an OS becomes the more enticing an OS is to security experts and black hats, but at the same time the OS gets more secure because these holes are patched with time. Arms race.