Encrypt your iOS backups!
Facebook logins easily slurped from iOS, Android kit
Facebook's iOS and Android clients don't encrypt users' logon credentials, leaving them languishing in a folder accessible to other apps or USB connections. A rogue application, or two minutes with a USB connection, are all that's needed to lift the temporary credentials from either device – a problem compounded by Facebook's …
-
Tuesday 3rd April 2012 15:20 GMT Ru
"any Android application granted permission to "modify/delete SD Card" could do the same thing"
I understand that managing fine-grained access controls is difficult, both for developers and users.
But seriously, some sets of permissions are clearly very powerful indeed, and should be far more stringently controlled. I have similar irritation with Facebook's own notion of access control granularity for its apps.
-
-
Tuesday 3rd April 2012 16:27 GMT Anonymous Coward
Re: Misleading title
Thats not how I read it, I read it to mean that all IOS devices are vulnerable but only when connected via a USB cable .... JailBroken IOS are vulnerable from apps
And the fact that Android is more open and gives you access to your files is a good thing, poor developers that don't encrypt and protect data is a bad thing.. ..
-
-
Tuesday 3rd April 2012 16:15 GMT Gerard Krupa
Android security
Android is quite capable of hiding data from other apps since it uses an ext2 Linux file system and allocates a unique user to each installed app, providing an appropriately chmodded private storage directory for each one. It's purely a developer choice to store credentials on the shared file system (except for rooted devices and even most of those have a barrier preventing unauthorized elevation of privileges).
-
-
Tuesday 3rd April 2012 20:33 GMT Craigness
Re: Yes, this is a programming error by FB.
I get the impression that Android programmers are considered obsolete by big brands in the app development world. Any Android programmer would indeed know that, but companies give their code to an intern and ask them to translate it into Android for the other 60% of their userbase.
Seen the offering from Instagram?
-
-
-
-
Tuesday 3rd April 2012 17:45 GMT ThomH
I should expect so too, since it's just incompetence on Facebook's side. On iOS there's the keychain exactly to allow developers securely to store information without having to know anything about the topic for themselves, and I'd be extraordinarily surprised if there's no similar API in Android.
Facebook's developers have simply been lazy.
-
Wednesday 4th April 2012 11:54 GMT Anonymous Coward
"dodgy software from unreliable sources"
> those who download dodgy software from unreliable sources sometimes deserve what they get
...you mean, like, any Android owner, using the Android Market?
(In ICS they seem to have renamed it the "Play Store", which is kinda what it is - not a proper store at all. The store owners don't know what they're selling and don't care if it hurts you - caveat emptor to the max.)
-