Hello Kristian, A quick check of the affected Apps shows this: PHONE for Google Voice & GTalk
You can see the current list of apps here: https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing Regards, Sumin From: Kristian Erik Hermansen [mailto:[email protected]] Sent: Monday, October 27, 2014 23:01 To: Sumin Tchen; [email protected] Subject: Re: [android-security-discuss] Thousands of Android apps fail to validate SSL Any Google apps vulnerable? On Tue, Oct 28, 2014, 4:58 AM sumin tchen <[email protected]<mailto:[email protected]>> wrote: US CERT has identified about 3,400 Android apps to date that do not properly validate SSL certificates, leaving them open to MITM attacks. Possible outcomes are credential stealing or arbitrary code generation. Of these about 250 apps are very popular, i.e. over 1 million downloads, and include apps such as Galaxy S5 Live Wallpaper, Slide Show Creator, Windows Live Hotmail Push, FriendCaster Chat, DISH Anywhere, Kim Kardashian, among many others. Appears that CERT will announce many more apps that fail SSL validation over the following months. Details are here: http://www.kb.cert.org/vuls/id/582497 What is the mobile industry doing about this? To check your apps, you can download the free Belarc Security Advisor from Google Playstore. Currently covers about 900 of the vulnerable apps and updates will include future vulnerable apps. Details are here: http://m.belarc.com/sa.html Regards, Sumin -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To post to this group, send email to [email protected]<mailto:[email protected]>. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
