Browsed by
Month: September 2018

Mobile OWASP Top 10 (2016) : Android

ANDROID

Android is the name of the operating system used on many smartphones and tablets. It is owned and maintained by Google. Google bought Android in 2005 and launched it for phones and tablets in 2007, the same year Apple released the first iPhone. An operating system is basically what appears on the screen on a touchscreen device – the underlying software that you interact with. This is different to apps you can download to use for it like you…

Janus Vulnerability in Android (CVE-2017-13156)

A serious vulnerability (CVE-2017-13156) in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman god of duality.

Why do we call it the Janus vulnerability?

The Janus vulnerability stems from the possibility of adding extra bytes to APK files and to DEX files. On…
