Security, Is There Security In The House

Security? What does it mean?

Several concepts:

Malware
Login
Secured Login
Code obfuscation
Securing your .apk
Securing Content
Trojans
Comparing Signing Certificates

Basically here’s the long and the short.

Yes, you can take steps to enhance your security, but a really good hacker can succeed given sufficient time.

So always ask yourself if what you’re doing is the best method. It’s unlikely the best hackers are targeting you. A locked door just might push the wannabe hacker to the next door.

Fundamentally here’s the problem:

“But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.” Wired Magazine, Aug 6th, 2012.

In the Android Developers Guide there is a section about Designing for Security.

ProGuard

Most devices don’t use password protection and most users will disable it if it’s offered.

The app can have a sign-in.

Halt! Who goes there? Roger!
Roger, thanks for the password.

OAuth Background

OAuth emerged from the social web, originally motivated by a desire to mitigate the so-called “password anti-pattern” in which a user, in order to authorize a third-party site to access their Facebook data, would be asked to provide their Facebook password to that third-party site. The first version, OAuth 1.0, allowed a user to specify such permissions without divulging their Facebook credentials to any entity other than Facebook (and similar for other providers).

OAuth 2.0 still supports this original delegated authorization use case from the consumer web but is now relevant to enterprises and the Cloud as well—which is arguably more about authentication than authorization. For instance, Salesforce uses OAuth to protect the many APIs they offer up to their enterprise customers. Enterprises themselves are using OAuth to protect the APIs they offer their partners and customers as well as internal clients in “private cloud” models.

OpenID

OpenID is an open federated identity standard targeted towards the consumer world, allowing individuals Single Sign-On (SSO) to “relying party” sites from an OpenID provider such as their email provider or social network. Large OpenID providers such as Google and Yahoo! have issued OpenIDs to all their users. OpenID is one of few federated identity standards that enable SSO without the need for a pre-existing relationship between the identity provider and the relying party, a feature that greatly fosters scalability.

Malware, is it a problem?

According to Google and Apple it’s not.

Google believes some of the anti-malware apps are worse than the malware. Apple, despite the proof to the contrary, says there’s no malware on their platform.

Malware, but it’s not. Lookout’s take on the ‘Apperhand’ SDK (aka ‘Android.Counterclank’). Apparently advertisers are the biggest spammers.

As pointed out in this article, somebody’s always crying “Wolf”: “Symantec launches massive ‘Android malware’ scare campaign — extreme caution advised – Computerworld Blogs”. Sometimes the problem is overstated.

Recently I read 5 free Android security apps for your smartphone | Mobile Technology – InfoWorld

This article helped me understand that as a developer I probably should have at least one or two of these apps on my devices.
Not because I’m concerned about security, but because I need to know what these apps are telling app users about my app. Plus, I’m sure I’ll find some interesting things along the way.
So I’ll install a couple and let you know what I found out.

16 security problems bigger than Flame

Fred

JUNE 20, 2012 Smartphone security is heading for ‘apocalypse’

JUNE 19, 2012 New Android malware disguised as security app

Apple apps are the malware
