Fallible is a security firm which developed an automated tool for reverse engineering Android apps and used it to take a look at a large portion of the top apps on Google Play. They found quite a few things that really should not have been there, including keys to Amazon Web Services which would grant them the ability to start and stop instances under the developers account. In total they found 2500 apps with at least some sensitive information contained within them, in many cases those keys were necessary for the proper functioning of the app but in some cases they were secrets which did not need to be there. Follow The Register's advice and think long and hard before hard coding keys into any apps you might be developing.
"A security firm has reverse engineered 16,000 Android apps on Google's Play store and found that over 304 contain sensitive secret keys."
Here is some more Tech News from around the web:
- Verizon to redirect calls made from dangerous Galaxy Note 7 phones @ Ars Technica
- How to Keep Hackers out of Your Linux Machine Part 1: Top Two Security Tips @ Linux.com
- Seagate hauls out fat form factor throwback hard drive @ The Register
- A more advanced guide to total Android customization @ Ars Technica
- Qualcomm sued for allegedly bribing Apple to use its chips in iPhones and iPads @ The Inquirer
- Cordless Drill Uses no Electricity @ Hack a Day
- iMessage emoji prank is temporarily borking iPhones and iPads @ The Inquirer
- noblechairs Epic Series Gaming Chair Review @ NikKTech