Android App Vulnerabilities Research

M10: Code Modification Vulnerabilities
           21 apps, > 40 Million installs
           3 fixed as of 5-22-15

M3: SSL Validation Failures Previously Reported by CERT
           36 general apps, >350 Million Installs
           16 medical apps

Ars Technica Article 4-27-15

M3: New SSL Validation Failure
           Blue Cross Blue Shield NC -- Fixed in 2 days!

CNIT 128: Hacking Mobile Devices (Spring 2015 at CCSF)
           Instructions for Android App security audits

OWASP Mobile Top Ten Risks

Legal Precedents

M5: FTC Approves Final Order Settling Charges Against TRENDnet, Inc. (2-7-14)

M3, M6: Fandango, Credit Karma Settle FTC Charges that They Deceived Consumers By Failing to Securely Transmit Sensitive Personal Information (3-28-14)

M2, M5, M6, M7: FTC Charges D-Link Put Consumers' Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras (1-5-17)

M3, M5: ASUS Settles FTC Charges That Insecure Home Routers and "Cloud" Services Put Consumers' Privacy At Risk (2-23-16)


Posted 5-23-15 by Sam Bowne
Updated 6-2-15 with FTC link
Updated 6-13-15 with codemod.html file extension fixed
Updated 1-7-16 with FTC v. D-Link