Huge Android security leak found, allowing any third party app to access all your Google Accounts

Discussion in 'Android Lounge' started by usernamehhh, Aug 6, 2013.

  1. usernamehhh

    usernamehhh Lurker
    According to Craig Young, Android apps can access all of your Google accounts with 1 click. Google uses a token system, in which a token is generated when a user logs in to an app with a Google account. Craig Young found out that if he then gets this token and pastes it into a web session, it will allow him to access all of the Google accounts that particular account is currently signed up to (Gmail, Google Drive, Google Wallet, YouTube, AdSense etc.).

    This flaw was demonstrated at Def Con 21, where Young developed an app that would display stock from Google Finance. To access the app you had to use your login credentials, and he then used a token to show the audience how he obtained the login credentials.

    Source: Research shows Android Apps can access all your Google accounts
     


    funkylogik likes this.
  2. gtbarry

    gtbarry Android Expert
    So it's like being on a computer then? Only give your info to trusted sources.
     
  3. Slug

    Slug Check six!
    I suspect that this is completely mitigated if using "2-Step Verification" though.
     
    DonB likes this.
