homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

Report: Google Android One-Click Login Is A User Risk

WebmasterWorld Administrator engine us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 4599441 posted 11:55 am on Aug 5, 2013 (gmt 0)

A feature that allows Android users to authenticate themselves on Google websites without having to enter their account password can be abused by rogue apps to give attackers access to Google accounts, a security researcher showed Saturday at the Defcon security conference in Las Vegas.

The feature is called "weblogin" and works by generating a unique token that can be used to directly authenticate users on Google websites using the accounts they have already configured on their devices.

Report: Google Android One-Click Login Is A User Risk [pcworld.com]



WebmasterWorld Senior Member 5+ Year Member

Msg#: 4599441 posted 12:39 pm on Aug 5, 2013 (gmt 0)

This is not so bad: it requires a "rogue app" with certain permissions.

I do not think ANY OS is secure against malicious software installed by a user.

Desktops are better IF you configure them correctly (Linux with App Armour for example - no idea what Mac/Windows equivalents would be), but VERY few people do that.

In fact, Android is quite good because it does limit permissions at the App level by default, so if you keep an eye on what you are doing when you install, you may spot something suspicious about these apps.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved