Must Read: No niche for iPad: Why I returned mine

Topic: Banking

Developers warn of Android pop-up threats

Summary: Researchers have discovered what they say is a design flaw in Android that could be used by criminals to steal data via phishing or by advertisers to bring annoying pop-up ads to phones.

Elinor Mills

By Elinor Mills |

Developers can create apps that appear to be innocuous but which can display a fake bank app log-in page, for instance, when the user is using the legitimate bank app, Nicholas Percoco, senior vice president and head of SpiderLabs at Trustwave, said ahead of his presentation on the research at the DefCon hacker conference today.

Currently, apps that want to communicate with the user while a different app is being viewed just push an alert to the notification bar on the top of the screen. But there is an application programming interface in Android's Software Development Kit that can be used to push a particular app to the foreground, he said.

The researchers have created a proof-of-concept tool that is a game but also triggers fake displays for Facebook, Amazon, Google Voice, and the Google e-mail client. The tool installs itself as part of a payload inside a legitimate app and registers as a service so it comes back up after the phone reboots, Percoco said.

For more on this story, read Android could allow mobile ad or phishing pop-ups on CNET News.

Topics: Banking, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion

  • That can't be true

    somebody told me that Android/Linux is so safe, that what you wrote about is just plane impossible.

    I mean, the guy even stakes his reputation on it! ;)
    William Farrell
    Reply Vote

    • RE: Developers warn of Android pop-up threats

      @William Farrell

      Who told you Android was so safe, present supporting facts to your claim. Without supporting facts sounds like the old anti-Linux rants.
      daikon
      Reply Vote

      • RE: Developers warn of Android pop-up threats

        @daikon You must be new here. He's mocking Dietrich T. Schmitz, a guy who won't even acknowledge a system other than Linux.
        Aerowind
        Reply Vote

      • RE: Developers warn of Android pop-up threats

        @daikon Otherwise known as "The Linux (Insert choice word/insult here) Advocate".

        And come on Aero, he does acknowledge other systems, when he is trying to bash them unsuccessfully.
        Bates_
        Reply Vote

    • RE: Developers warn of Android pop-up threats

      @William Farrell LOL :-)
      non-biased
      Reply Vote

  • RE: Developers warn of Android pop-up threats

    <p><a title="Wholesale Authentic Jerseys" href="http://collegeincommon.com/blogs.php?action=show_member_blog&amp;ownerID=4506"><strong>Wholesale Authentic Jerseys</strong></a>,<a title="Wholesale Nfl Jerseys" href="http://hp.ne.kr/elgg/pg/blog/owner/camjersey"><strong>Wholesale Nfl Jerseys</strong></a>,<a title="Customized Washington Redskins Jersey" href="http://camjersey.blog.com/"><strong>Customized Washington Redskins Jersey</strong></a>,<a title="Atlanta Falcons Jersey" href="http://ripplusa.com/blogs/posts/camjersey"><strong>Atlanta Falcons Jersey</strong></a>,<a title="Customized Atlanta Falcons Jersey" href="http://russianzone.info/blogs/posts/camjersey"><strong>Customized Atlanta Falcons Jersey</strong></a>,<a title="Buffalo Bills Jersey" href="http://sports2win.co.uk/user/camjersey/blogs"><strong>Buffalo Bills Jersey</strong></a>,<a title="Customized Buffalo Bills Jersey" href="http://truckarmy.com/user/camjersey/blogs"><strong>Customized Buffalo Bills Jersey</strong></a>,<a title="Chicago Bears Jersey" href="http://t.yicai.com/space.php"><strong>Chicago Bears Jersey</strong></a>,<a title="Cincinnati Reds Jersey" href="http://portalmantra.com/portal/pg/blog/camjersey"><strong>Cincinnati Reds Jersey</strong></a>,<a title="Customized Cincinnati Reds Jersey" href="http://camjersey.blogec.si/"><strong>Customized Cincinnati Reds Jersey</strong></a>,<a title="Colorado Rockies Jersey" href="http://uniteusnations.com/blogs/posts/camjersey"><strong>Colorado Rockies Jersey</strong></a>,<a title="Customized Colorado Rockies Jersey" href="http://rejeje.socialgo.com/members/profile/541/blog"><strong>Customized Colorado Rockies Jersey</strong></a>,<a title="Florida Marlins Jersey" href="http://i.dahe.cn/space.html"><strong>Florida Marlins Jersey</strong></a>,<a title="Customized Florida Marlins Jersey" href="http://koozr.com/u/camjersey"><strong>Customized Florida Marlins Jersey</strong></a>,<a title="Customized Carolina Hurricanes Jersey" href="http://matchupcity.com/blogs_view.php?id=2266"><strong>Customized Carolina Hurricanes Jersey</strong></a>,<a title="Colorado Avalanche Jersey" href="http://shiapal.com/camjersey/blog/"><strong>Colorado Avalanche Jersey</strong></a>,<a title="Customized Colorado Avalanche Jersey" href="http://usidolonline.com/user/camjersey/blogs"><strong>Customized Colorado Avalanche Jersey</strong></a>,<a title="Dallas Stars Jersey" href="http://woodstockuniverse.com/?page=user_blog&amp;room=camjersey"><strong>Dallas Stars Jersey</strong></a>,<a title="Customized Dallas Stars Jersey" href="http://www.2012support.com/blogs/posts/camjersey"><strong>Customized Dallas Stars Jersey</strong></a>,<a title="Edmonton Oilers Jersey" href="http://wejibber.com/blogs/posts/camjersey"><strong>Edmonton Oilers Jersey</strong></a>,<a title="Cleveland Cavaliers Jersey" href="http://my-links.co.cc/u/camjersey"><strong>Cleveland Cavaliers Jersey</strong></a>,<a title="Customized Cleveland Cavaliers Jersey" href="http://www.truckerspets.com/user/camjersey/blogs"><strong>Customized Cleveland Cavaliers Jersey</strong></a>,<a title="Denver Nuggets Jersey" href="http://hockeyer.com/blogs/posts/camjersey"><strong>Denver Nuggets Jersey</strong></a>,<a title="Customized Denver Nuggets Jersey" href="http://www.dateolive.com/blogs/posts/camjersey"><strong>Customized Denver Nuggets Jersey</strong></a>,<a title="Golden State Warriors Jersey" href="http://www.4ppl.com/blog/posts/camjersey"><strong>Golden State Warriors Jersey</strong></a>,<a title="St.Louis Rams Jersey" href="http://www.curaciones.org/user/camjersey/blogs"><strong>St.Louis Rams Jersey</strong></a>,<a title="Washington Wizards Jersey" href="http://www.wetwetgirl.com/blogs/posts/camjersey"><strong>Washington Wizards Jersey</strong></a>,<a title="Wholesale Nfl Jerseys" href="http://www.dog-network.com/user/camjersey/blogs"><strong>Wholesale Nfl Jerseys</strong></a>,<a title="Wholesale Nfl Jerseys" href="http://www.breastfeeding.com/social/user/camjersey/blogs"><strong>Wholesale Nfl Jerseys</strong></a>,<a title="Customized Green Bay Packers Jersey" href="http://www.goldbar.tv/index.php?do=/public/user/blogs/name_camjersey/"><strong>Customized Green Bay Packers Jersey</strong></a>,<a title="Houston Texans Jersey" href="http://www.sexomer.ru/blogs/posts/camjersey"><strong>Houston Texans Jersey</strong></a>,<a title="Customized Houston Texans Jersey" href="http://demo.spacebuilder.cn/u/camjersey/Blog"><strong>Customized Houston Texans Jersey</strong></a>,<a title="Jacksonville Jaguars Jersey" href="http://www.z37.com/profile.php?sub_section=blog&amp;id=12544"><strong>Jacksonville Jaguars Jersey</strong></a>,<a title="Customized Jacksonville Jaguars Jersey" href="http://www.littlelocksmith.com/blogs.php?action=show_member_blog&amp;ownerID=2000"><strong>Customized Jacksonville Jaguars Jersey</strong></a>,<a title="Miami Dolphins Jersey" href="http://www.ylove.co.il/blogs.php?action=show_member_blog&amp;ownerID=1808"><strong>Miami Dolphins Jersey</strong></a>,<a title="New York Yankees Jersey" href="http://www.xxllove.net/blogs_view.php?id=102479"><strong>New York Yankees Jersey</strong></a>,<a title="Customized New York Yankees Jersey" href="http://www.ybsfj.com/site/bbs/Blog.asp?BlogUserName=camjersey"><strong>Customized New York Yankees Jersey</strong></a>,<a title="Philadelphia Phillies Jersey" href="http://www.yinranzhuji.com/member/index.php?uid=camjersey"><strong>Philadelphia Phillies Jersey</strong></a>,<a title="Customized Philadelphia Phillies Jersey" href="http://www.zhuijianpan360.com//member/index.php?uid=camjersey"><strong>Customized Philadelphia Phillies Jersey</strong></a>,<a title="San Diego Padres Jersey" href="http://www.zouru.com/member/index.php?uid=camjersey"><strong>San Diego Padres Jersey</strong></a>,<a title="Customized San Diego Padres Jersey" href="http://www.wjtlzx.com/bbs/Blog.asp?BlogUserName=camjersey"><strong>Customized San Diego Padres Jersey</strong></a>,<a title="Customized New Jersey Devils Jersey" href="http://www.findmet.in.th/social/pg/blog/camjersey"><strong>Customized New Jersey Devils Jersey</strong></a>,<a title="New York Rangers Jersey" href="http://www.dovevalleydubbers.co.uk/blogs/posts/camjersey"><strong>New York Rangers Jersey</strong></a>,<a title="Customized New York Rangers Jersey" href="http://www.ncci-namibia.org/blogs/posts/camjersey"><strong>Customized New York Rangers Jersey</strong></a>,<a title="Philadelphia Flyers Jersey" href="http://www.chatbook.in/blogs/posts/camjersey"><strong>Philadelphia Flyers Jersey</strong></a>,<a title="Customized Philadelphia Flyers Jersey" href="http://www.thoughts.com/camjersey"><strong>Customized Philadelphia Flyers Jersey</strong></a>,<a title="Pittsburgh Penguins Jersey" href="http://savagekoala.com/user/camjersey/blogs"><strong>Pittsburgh Penguins Jersey</strong></a>,<a title="Miami Heat Jersey" href="http://www.globaltestsite.net/index.php?do=/public/user/blogs/name_camjersey/"><strong>Miami Heat Jersey</strong></a>,<a title="Customized Miami Heat Jersey" href="http://bgsplace.co.uk/blogs/posts/camjersey"><strong>Customized Miami Heat Jersey</strong></a>,<a title="New Jersey Nets Jersey" href="http://www.webdosti.com/blogs/posts/camjersey"><strong>New Jersey Nets Jersey</strong></a>,<a title="Customized New Jersey Nets Jersey" href="http://www.wegetsocial.org/index.php?do=/camjersey/blog/"><strong>Customized New Jersey Nets Jersey</strong></a>,<a title="New York Knicks Jersey" href="http://www.jadescn.com/member/index.php?uid=camjersey"><strong>New York Knicks Jersey</strong></a>,<a title="Tennessee Titans Jersey" href="http://www.jiu3.com/member/index.php?uid=camjersey"><strong>Tennessee Titans Jersey</strong></a>,<a title="Customized Washington Wizards Jersey" href="http://www.ktjjw.com/member/index.php?uid=camjersey"><strong>Customized Washington Wizards Jersey</strong></a>,<a title="Philadelphia Flyers Jersey" href="http://www.kite-skills.com/index.php?option=com_blog&amp;view=myposts&amp;Itemid=67"><strong>Philadelphia Flyers Jersey</strong></a>,<a title="Customized Philadelphia Flyers Jersey" href="http://www.zzstep.com/index.php?uid-203749-action-spacelist-type-blog"><strong>Customized Philadelphia Flyers Jersey</strong></a>,<a title="Pittsburgh Penguins Jersey" href="http://www.exfatpeople.com/user/camjersey/blogs"><strong>Pittsburgh Penguins Jersey</strong></a>,<a title="Miami Heat Jersey" href="http://www.beslisser.nl/user/camjersey/blogs"><strong>Miami Heat Jersey</strong></a>,<a title="Customized Miami Heat Jersey" href="http://www.almostdivas.com/blogs/posts/camjersey"><strong>Customized Miami Heat Jersey</strong></a>,<a title="New Jersey Nets Jersey" href="http://smartertalent.com/blogs.php?action=show_member_blog&amp;ownerID=1590"><strong>New Jersey Nets Jersey</strong></a>,<a title="Customized New Jersey Nets Jersey" href="http://www.2bsocial.ca/index.php?do=/camjersey/blog/"><strong>Customized New Jersey Nets Jersey</strong></a>,<a title="New York Knicks Jersey" href="http://houstonfoodreviews.com/blogs/posts/camjersey/10/2"><strong>New York Knicks Jersey</strong></a>,</p>
    canojersey
    Reply Vote

  • RE: Developers warn of Android pop-up threats

    Get professional results <a href="http://www.ghd2hairstraightenersaustralia.com/"><strong>GHD Straighteners</strong></a> with ghd's brand new <a href="http://www.ghd2hairstraightenersaustralia.com/"><strong>GHD Hair Australia</strong></a> collection of 10 brushes <a href="http://www.ghd2hairstraightenersaustralia.com/"><strong>GHD Hair Straighteners Cheap</strong></a> and 2 combs ? developed <a href="http://www.ghd2hairstraightenersaustralia.com/ghd-midnight-collection-c-2/"><strong>GHD Collection</strong></a> with professional stylists <a href="http://www.ghd2hairstraightenersaustralia.com/ghd-pink-hair-straighteners-c-3/"><strong>Ghd Kiss</strong></a> to give you a smooth <a href="http://www.ghd2hairstraightenersaustralia.com/ghd-pink-hair-straighteners-c-3/"><strong>Ghd Pink 2009</strong></a> and sleek finish <a href="http://www.ghd2hairstraightenersaustralia.com/ghd-purple-hair-straighteners-c-4/"><strong>Ghd Purple Sale</strong></a> to your style. <a href="http://www.ghd2hairstraightenersaustralia.com/ghd-purple-hair-straighteners-c-4/"><strong>yongfengying2</strong></a>
    yongfengying2
    Reply Vote

  • UGG Classic Short perf

    <a href="http://www.bootsuggcollection.com/5825-classic-short-c-25.html">UGG Classic Short</a> is a stylish and glittery take on one of our most famous boots. Covered in sparkly sequins and bound with satin, it is sure to turn heads and stand out in a crowd. All boots in our <a href="http://www.bootsuggcollection.com/5825-classic-short-c-25.html">UGG Classic Short boot</a> feature a soft foam insole covered with genuine sheepskin. The <a href="http://www.bootsuggcollection.com/5825-classic-short-c-25.html">UGG Classic Short perf</a> has a light and flexible, molded EVA outsole that is infused with metallic flecks and designed for amazing comfort with every step.
    fuxiaosi0906
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close