Security Alerts & News
by Tymoteusz A. Góral

History
#653 Protecting against unintentional regressions to cleartext traffic in your Android apps
When your app communicates with servers using cleartext network traffic, such as HTTP, the traffic risks being eavesdropped upon and tampered with by third parties. This may leak information about your users and open your app up to injection of unauthorized content or exploits. Ideally, your app should use secure traffic only, such as by using HTTPS instead of HTTP. Such traffic is protected against eavesdropping and tampering.

Many Android apps already use secure traffic only. However, some of them occasionally regress to cleartext traffic by accident. For example, an inadvertent change in one of the server components could make the server provide the app with HTTP URLs instead of HTTPS URLs. The app would then proceed to communicate in cleartext, without any user-visible symptoms. This situation may go unnoticed by the app’s developer and users.

Even if you believe your app is only using secure traffic, make sure to use the new mechanisms provided by Android Marshmallow (Android 6.0) to catch and prevent accidental regressions.
Read more
#657 Gmail for Android gets Microsoft Exchange support
#656 New decryptor unlocks CryptXXX ransomware
#655 Building a home lab to become a malware hunter - a beginner’s guide
#654 New FAREIT strain abuses PowerShell
#653 Protecting against unintentional regressions to cleartext traffic in your Android apps
#652 Android ransomware attacks using Towelroot, Hacking Team exploits
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12