Author Topic: Security in Android apps  (Read 4548 times)

0 Members and 1 Guest are viewing this topic.

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Security in Android apps
« on: July 13, 2015, 06:23:41 pm »
Hi,
I'd apologize if I put this topic in wrong section of forum.

But to the point.

I was wondering,  if anybody would hack accounts on Android apps.
 I mean for example we are logged on ebay or Facebook app,  and we simply quit to home screen,  without logging out,  and also disconnect from network and again turn on network.
-To the point,  Is it technically possible if anybody would hack our session,  when we logged?
 Of course we're using WiFi in home with WPA2,  not public hotspot.

- How does situation look like with bank apps?  Is it any risk when I immediately leave the app without logging out,
 -But in web browser on android,  on Facebook,  is it possible to take over session?

I've found "zenmate" vpn app on Google Play, is it a proper VPN? Or that isn't worth to install it.

Offline chemicalfan

  • Hero Member
  • *****
  • Posts: 1166
  • Karma: 36
  • Gender: Male
  • I've been here a little while!
    • View Profile
    • Awards
Re: Security in Android apps
« Reply #1 on: July 14, 2015, 11:50:18 am »
As far as I am aware, the connections to Facebook & e-mail are encrypted, so man-in-the-middle attacks shouldn't be possible. Installing rogue apps could unravel that, as it could scrape the information (or some of it) from Android itself, but this has nothing to do with the connection.

In terms of using public, open WiFi for sensitive communications, it's a bad idea. While they can't read the data being transmitted (as it's encrypted), they could record it, and attempt to break the encryption after you've left. Although this is unlikely to happen, as it's very difficult to break encryption of HTTPS transfers. Social engineering in the form of phishing attacks is a bigger risk, as an attacker could spoof the DNS server on an open WiFi connection, and direct users to fake sites to steal login information. This is mitigated by using apps rather than a browser (which probably connect directly via IP, or at least would be looking for specific responses from an API).

An analogy would be like speaking in a foreign language to a friend - those around you can't understand it even if they are listening, but if they record it they may be able to figure it out later. But for most purposes, it's safe - just wouldn't trust high-risk things like bank details.

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: Security in Android apps
« Reply #2 on: July 14, 2015, 12:08:28 pm »
Ok, tell me something else.
Is worth to use VPN app?  like "ZenMate" on Google Play. Or that's a rubbish thing?


Sent from my OV-V10 using Tapatalk


Offline chemicalfan

  • Hero Member
  • *****
  • Posts: 1166
  • Karma: 36
  • Gender: Male
  • I've been here a little while!
    • View Profile
    • Awards
Re: Security in Android apps
« Reply #3 on: July 14, 2015, 01:26:27 pm »
VPN's are entirely dependent on trusting the server you're connecting to. If you could pick your own server (at your house, for example), it'd be safe if a little pointless. If the VPN server is provided by the app developer, tread carefully.

Offline kondziorek

  • Jr. Member
  • **
  • Posts: 42
  • Karma: 0
  • I've just joined!
    • View Profile
    • Awards
Re: Security in Android apps
« Reply #4 on: July 14, 2015, 01:37:25 pm »
Ok, thank you for advice.

Sent from my OV-V10 using Tapatalk


 


SimplePortal 2.3.3 © 2008-2010, SimplePortal