Finding Secret Keys In Android Apps, Heartbleed Heartache, And More… [Tech News Digest]

Dave Parrack 23-06-2014

Also, Google’s Nest buys Dropcam to monitor your home, Google launches Made With Code to inspire girls to program, Yo woz haxored, the tangled earphones mystery is solved by science, and a little girl begs Google to give her dad a day off.


Researchers Find Google Play Security Flaw


Researchers from Columbia University’s School of Engineering have discovered a major security flaw in Google Play. Developers have been using secret keys to store data inside their apps, thus risking this personal information being exposed and exploited by hackers.

This discovery was made using PlayDrone, a crawler which indexes and analyzes Google Play apps on a daily basis. The bad news is these apps have been leaking data since the inception of Google Play; the good news is that the researchers are working closely with Google and others to identify the risks and plug the holes.

The same research also revealed other interesting factoids about Google Play, such as a quarter of all free apps being clones of other apps, and that even the worst-rated app (which purports to accurately weigh an object on a touchscreen but which actually just displays a random number) was still downloaded more than one million times. Because people are gullible.

Heartbleed Is Still A Huge Problem

Heartbleed, a bug in the OpenSSL library, is alive and kicking, with more than 300,000 servers still affected. This is according to security researcher Robert David Graham, who has been tracking the problem since it was first discovered in April of this year.


The numbers are rather worrying, because they aren’t dropping anywhere near fast enough. Immediately after the discovery of Heartbleed around 600,000 servers were found to be affected. One month later and the figure was 318,000. One more month on and the figure is 309,000.

While the major websites acted quickly to plug the hole, hundreds of thousands of smaller sites just haven’t bothered, whether through ignorance or laziness. The conclusion has to be that thanks to Heartbleed the Internet is going to remain vulnerable for years to come, causing heartbreak for those adversely affected.

Nest Is Acquiring Dropcam

Nest, which was acquired by Google for $3.2 billion in February, is buying Dropcam in a deal worth $555 million. Dropcam is a company specializing in making it simpler to monitor your home via cameras. So, Google owns Nest, Nest owns Dropcam, and Dropcam is watching over us all. Scary much?

Google Believes Girls Are Made With Code

Google has invested $50 million to encourage young girls to become programmers. Via an initiative called Made With Code, Google hopes to help close the disparity between the number of men and women choosing technology-related careers. Whether or not you agree with the methods, the end goal is an honorable one.


Yo Was Hacked To Reveal Phone Numbers

Yo, surely the stupidest app ever developed, has been hacked by a bunch of college students. The hack exposes everybody’s phone numbers, has led to Yo spamming, and enabled the students to pretend to be people such as Jason Calacanis and Elon Musk.

Yo founder Or Arbel admitted the company was “having security issues,” before telling TechCrunch, “Some of the stuff has been fixed and some we are still working on. We are taking this very seriously.” Unlike the app itself, which is all kinds of dumb.

Why Your Earphones Always Get Tangled

Physicists at the University of California, San Diego, have unravelled the mystery of why your earphones always get tangled. In a research project suggesting physicists have far too much time on their hands, they discovered that it all comes down to length and stiffness. Need I say more?!

Little Girl Loves Her Dad More Than Google

And finally, Google once declared “Don’t Be Evil,” and a little girl has held the company to that promise by persuading the search giant to give her dad some time off from work.


The girl wrote a note to Google asking that her dad be given a day off work for his birthday, and Google responded by “giving him the whole first week of July as vacation time.” And now we all know how to get through to Google… blue crayon and a childish scrawl.

Your Views On Today’s Tech News

Does the discovery of a security flaw in Google Play cause you any great concern? What should be done to force more websites to fix the Heartbleed problem? Did the story of the little girl battling Google melt your heart as it did mine?

Let us know your thoughts on the tech news of the day by posting to the comments section below. Alternatively, let us know of any technology news stories we may have missed.

Image Credit: Kris Krug via Flickr



  1. Tom W
    June 23, 2014 at 2:05 pm

    It's no surprise to me that Android apps have secret keys that can be read. I did a lot of research and it's not possible to have anything truly secure inside the app package. Anything that the phone can read is easily readable by a person too. I suspect there's a similar problem with iOS. Facebook gets around this by storing the app encryption key of each 3rd party developer on their servers. When an app calls the Facebook servers, they know which developer signed the app.

    • Dave P
      June 23, 2014 at 2:39 pm

      You should have published your research and beaten these guys to it! Is it easily fixed then? I mean, Google Play is huge, so tackling it on a case-by-case basis is a non-starter, right?

    • Tom W
      June 24, 2014 at 2:22 pm

      The "easy fix" is for developers to use a tiny amount of common sense and not put secret keys into their applications. I was looking into this when I wanted to have a web service that would only accept connections from the Android application, and there's no way to store a string or secret key in the application that isn't readable to anyone who has the app installed. It's quite basic really. The phone has to read the string before it sends it out. Even if the connection is secured and encrypted, the string exists within the phone before it is encrypted. There are ways to obfuscate the code, but that can be undone if you try hard enough, and it'll still put the string into memory for all to see at some point. This is why I said it probably exists within iOS as well; there isn't any way around it except for not putting secret keys into the apps in the first place.

    • Dave P
      June 26, 2014 at 5:33 pm

      I wonder why nothing has been said about this problem in iOS. Harder to detect, perhaps?

    • Tom W
      June 26, 2014 at 6:47 pm

      It's probably one or more of:
      * The researchers are more experienced in Android development
      * Android's open source nature makes detecting potential problems easier
      * Apple keep their market and environments incredibly locked down / walled
      * Google are, historically, more welcoming to security researchers than Apple are

      To be honest, I was surprised it took this long for someone to officially highlight the problem.
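
The point made in the comment thread above, that any string shipped inside an app package can be read back out of it, can be turned into a check developers run on their own build before release. The Python sketch below is an added example, not code from the commenters or the PlayDrone researchers; the sample package, its contents and the detection heuristics (name patterns, entropy threshold) are constructed assumptions.

```python
import io
import math
import re
import zipfile
from collections import Counter

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")  # ASCII runs, as `strings` reports them
# Assumed heuristics: a secret-sounding name with a value, or a long random-looking token.
NAMED_SECRET = re.compile(r"(?i)(secret|api[_-]?key|token|passw(or)?d)\s*[=:]\s*\S{8,}")
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_apk(apk_bytes, min_entropy=4.5):
    """Return (entry, reason, text) for every secret-like string in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:  # an APK is a ZIP archive
        for name in apk.namelist():
            for run in PRINTABLE_RUN.findall(apk.read(name)):
                text = run.decode("ascii")
                if NAMED_SECRET.search(text):
                    findings.append((name, "named", text))
                    continue
                for token in CANDIDATE.findall(text):
                    if entropy(token) >= min_entropy:
                        findings.append((name, "high-entropy", token))
    return findings


def build_sample_apk():
    """Constructed stand-in for an app package; every value here is made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("res/raw/config.properties", "endpoint=https://api.example.invalid\n"
                   "api_secret=CONSTRUCTED-not-a-real-secret-0001\n")
        # String constants compiled into code still sit in the file as plain bytes.
        z.writestr("classes.dex", b"dex\n035\x00\x01\x02Lcom/example/app/MainActivity;"
                   b"\x00q7Zp2Xv9Lk4Tn8Rb1Wc6Yd3Hs5Jf0GmA\x00\xff")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason, text in scan_apk(build_sample_apk()):
        print(f"{entry}: {reason}: {text}")
```

A finding here means the value should move to a server the developer controls, since compression and compilation hide nothing from anyone holding the package.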