opinion

Malware Woes for Open Source App Distribution

As evolution impacts the mobile arena, malware threats and other factors are joining forces to cast a doubt on traditional Open Source Android apps and their free-for-all distribution channels that can lack substantial oversight and be rife with vulnerabilities.

For marketers of adult entertainment, Android’s huge audience cannot be ignored.

Vulnerability to MITM attacks and operator ignorance are only two of the problems facing Android app developers, who must now also contend with Google’s response to the app security issue.

Statistics from mid-November show that Android’s market share is sharply rising, with Google’s OS powering more than 72 percent of Smartphones sold in the past quarter — in comparison to competitor Apple’s iOS, which saw a nearly 14 percent share.

But the size of this market also makes it an attractive target for malicious attacks, such as those against the secure sockets layers (SSL) and transport layer security (TLS) protocols that are supposed to protect a user’s information, but can be compromised when careless coders fail to take the proper precautions.

A recent report by university teams from Hannover and Marburg, Germany, entitled, “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,” finds that while many Android apps have a legitimate need to communicate over the Internet, potential security threats from apps that use the SSL/TLS protocols make sensitive data vulnerable during transit, and calls on Android developers to better protect information they transmit.

The report cites a lack of visual security indicators for SSL/TLS use and inadequate use of SSL/TLS as exploitable for launching Manin-the-Middle (MITM) attacks.

The researchers used a tool known as Mallo-Droid to detect potential vulnerabilities to MITM attacks while targeting 13,500 free apps downloaded from Google’s Play Market.

Its analysis shows that while only 1,074 (8 percent) of the apps contained vulnerable SSL/TLS coding, they represent 17 percent of the apps containing HTTPS URLs — underscoring the false sense of security that an HTTPS link provides.

The team’s study also discovered various forms of SSL/TLS misuse during a manual audit of 100 selected apps and was then able to launch MITM attacks against 41 apps — successfully gathering “a large variety of sensitive data.”

According to the report, this included credentials for American Express, Diners Club, Facebook, Google, Microsoft Live, Paypal, Twitter, WordPress and Yahoo!, plus access to bank and email accounts, web servers and other supposedly secure environments.

Snooping wasn’t the only possibility the group found, however.

‘We have successfully manipulated virus signatures downloaded via the automatic update functionality of an antivirus app to neutralize the protection or even to remove arbitrary apps, including the antivirus program itself,” the report claims, adding that it is “possible to remotely inject and execute code in an app created by a vulnerable app building framework.”

The team estimates that up to 185 million Android users are vulnerable to MITM attacks based on data from Google’s Play Market — and with the threat extending to the deactivation of antivirus systems, it is a threat that users and developers should heed.

The report also reveals the results of an online survey seeking to evaluate perceptions about certificate warnings and HTTPS visual security indicators. It finds that half of the respondents did not know how to tell if their Android browser session was protected by SSL/TLS — highlighting the social aspects of the security equation.

Vulnerability to MITM attacks and operator ignorance are only two of the problems facing Android app developers, who must now also contend with Google’s response to the app security issue — a reply that could include escalating restrictions on applications, as well as the new malware scanning procedures now underway on the Google Play Store — bringing the portal closer to the Draconian policies employed by Apple’s App Store.

For adult app developers who appreciate the libertine airs of the Open Source world, these growing restrictions might not be welcome news, and may further accelerate moves to Android-compatible websites and applications.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
opinion

Account-to-Account Payments: The New Banking Disruptor?

So much of our industry relies upon Visa and Mastercard to support consumer payments — and with that reliance comes increased scrutiny by both brands. From a compliance perspective, the bar keeps getting raised until it feels like we end up spending half our time making sure we are compliant rather than growing our business.

Cathy Beardsley ·
profile

WIA Profile: Samantha Beatrice

Beatrice credits the sex positivity of Montreal for ultimately inspiring her to pursue work in adult entertainment. She had many friends working in the industry, from sex workers to production teams, so it felt like a natural fit and offered an opportunity to apply her marketing and social media savvy to support people she truly believes in and wants to see succeed.

Women In Adult ·
Show More