Research shows Android Apps can access all your Google accounts

According to Craig Young, Android Apps can access all of your Google accounts with 1 click. Google uses a token system which is generated when a user logs in to a app with a google account, Craig Young found out that if he then gets this token and paste it into a web session it will allow him to access all of the Google accounts that particular account is currently signed up to (Gmail, Google drive, Google Wallet, Youtube, Adsense etc.).

This flaw was demonstrated at Def Con 21 where Young developed a app that would display Stock from Google finance, to access the app you had to use your login credentials, which of he then used a token to show the audience how he obtained the login credentials.

This is not the first big Android security flaw that we’ve seen, several weeks back a “unremovable” trojan was found on Google’s mobile OS.

No official statement has been made by Google, as of now we don’t know when this security flaw will be fixed.

Source: TheRegister

About the Author

Hello, my name is Niels Bosch
and i am the founder of AmongTech. Currently living in the South of Spain. My main interests are web development, playing video games once in a while, Apple, Marketing and SEO. I am currently studying Business administration, Networking & Security and Database management and will be doing so for the next year.

Leave a Reply

Your email address will not be published. Required fields are marked *