Hi Earlence, Thank for trying our service, your feedback is very valuable. For your question: UI spoofing - we validate if an attacker can modify some UI elements of the target app (e.g its Activity title). Activity hijacking - we check if the target app starts an activity with an implicit intent that can be caught by malware.
This service is not an App Rep service, you should use it in order to help protect your application by detecting its vulnerabilities and fixing them. This is why your malware wasn't detected. Again I would like to thank you for this comment as it shows me that what we offer isn't clear enough and we should improve our message. I invite you to test our service again, with a vulnerable application this time, and let me know what you think of it. -Eitan On Wednesday, February 11, 2015 at 8:33:58 PM UTC+2, Earlence wrote: > The doc says that you detect UI spoofing and activity hijacking. Can you > provide some details on how it does that? > I ran a test app that creates a UI that imitates the real Chase banking > app but the service did not warn that this app is > creating a UI spoof. Am I misunderstanding something? > > -Earlence > > On Saturday, February 7, 2015 at 1:13:26 PM UTC-5, Eitan Worcel wrote: >> >> Hi, >> >> We in IBM have built a new service that allows you to easily upload your >> apk file to our site, and receive a security report with details on the >> security vulnerabilities that were found in it. >> I'm the product manager of this service and I would really appreciate it >> if you could let me know what you think of this new service. >> Use this link https://ibm.biz/BdEw9f to register to a free 30 days trial >> >> Thanks, >> Eitan >> >> -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
