...stuff I do and things I like...

Monday, March 03 2014

Mobile Security News Update March 2014

Conferences
    InfoSecSouthWest April 4-6 Austin Texas. jduck: Android Security Research and Testing at Scale. Thomas Wang: Breaking through the bottleneck: Mobile malware is outbreak spreading like wildfire.


CFPs
TextSecure: secure and easy to use text (SMS) for Android (and soon iOS)
    I'm not really into advertising for stuff here but the recent update of TextSecure made a gigantic impression on me. The application works well, is uber user friendly, and looks just great. They further added IM like functionality (using IP rather then SMS), see here: The New TextSecure: Privacy Beyond SMS. Further there is the possibility to run your own server for TextSecure IP backend, see here.

    I switched to TextSecure for a number of reasons: transparent encrypted SMS, super usable application (I can finally stop using the Hangout app - worst thing so far on my Nexus 5), TextSecure source code is available, and did I mention that the UI looks really great? All in all this is good quality security software that even looks better then the less secure competitors, YES!


WebViews and Security on Android
    The security (insecurity) of WebView lately got a lot of attention. There has been some early academic work such as A View to A Kill: WebView Exploitation by Matthias Neugschwandtner et al. Then there was Dave Hartley's blog post on ad-network security. Most recently Joshua 'jduck' Drake wrote a very detailed blog post about the WebView addJavaScriptInterface Saga. All in all the WebView story is not over for sure as WebViews are a widely used framework feature of Android. I'll keep following this issue for sure.

Links