This is What’s Wrong With Security Reporting

Yahoo news picked up this story and it trended to the top (many others also carried it with the same sensationalization). While the meat of the story may have some good information (although not new information), the headline and conclusions are meant to draw clicks.

Headline:

Your Gmail App Is Shockingly Easy to Hack

In the first paragraph:

..allows them access to mobile Gmail accounts with a 92 percent success rate.

What’s wrong with this? Well, for one, the “hack” requires downloading a malicious app to your Android phone. And that 92% success rate? Only among those that download the malicious app.

Yes, it would be nice if shared memory could not be accessed. But that shared memory access also brings benefits (OK, I assume the benefits part. Don’t ask me to list them).

They didn’t test other mobile OS’s but say the hack should work on them too. I’m no developer but I thought on iOS shared memory wasn’t, well, shared by apps. Which resulted in many of the complaints about apps not working together. I’ve also read comments that apps don’t access shared memory on Windows Phone. So this calls into question that assumption by the researchers.

In any event, even if it works on other mobile OS’s, even for Android the headline should be “Installing malicious app will cause security issue!” But I guess that falls into the non-clickworthy “duh” category.

Mint Arrives On Android

Mint.com has released an Android version of their smartphone app, joining the iPhone version. I use it on my iPod Touch and now on my iPad. (On the iPad it’s just an iPhone-formatted app able to expand to 2X.)

The Android feature set is similar to the iPhone app features. The Android app adds a widget that can be used to show your total cash and debt. You can tap the widget to go to the full app.

It’s up to you whether you trust your financial info to a website, but I eventually gave in to Mint and figure it’s as secure (or not) as my online banking. I do like Mint’s attention to security. The ability to communicate with the widget, have a live folder or have transactions available to global search are all off by default and have to be enabled.

I’d been using Mint on my iPad because it’s been handier than my iPod Touch these days. Now it’s nice to have it on Android with my always-on connection. The only thing on my wish list is the ability to add pending transactions, but that’s not on the iPhone version either.