PAPERS
To return to the "Published Papers" main page, click here.
THE SEVENTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE - ICoFCS 2012
Print ISBN 978-85-65069-08-3 - Online ISBN 978-85-65069-06-9, pages 20-26
DOI: 10.5769/C2012003 and http://dx.doi.org/10.5769/C2012003
Análise de Segurança nos Processos de Sincronização e Autenticação de Aplicativos Android
By Ricardo Kléber Martins Galvão, and Marbel C. de O. Barbosa
To download this paper, click here.
Print ISBN 978-85-65069-08-3 - Online ISBN 978-85-65069-06-9, pages 20-26
DOI: 10.5769/C2012003 and http://dx.doi.org/10.5769/C2012003
Análise de Segurança nos Processos de Sincronização e Autenticação de Aplicativos Android
By Ricardo Kléber Martins Galvão, and Marbel C. de O. Barbosa
To download this paper, click here.
ABSTRACT
This research aims to analysis of processes of user authentication for access to Google and Twitter services through mobile applications for Android devices, verifying the occurrence of vulnerabilities that offer threatens the confidentiality and integrity of information that users rely their service providers.The motivation originates from the discovery of researchers at the Ulm University, about vulnerability in the authentication process to access the mobile device applications that use protocol ClientLogin, the user data stored in their services. However the research described here is not restricted to the protocol ClientLogin, but extends the analysis of the OAuth protocol, also used by some applications of mobile devices for authentication.
KEYWORDS
Android, Apps, ClientLogin, Oauth, vulnerability.
This research aims to analysis of processes of user authentication for access to Google and Twitter services through mobile applications for Android devices, verifying the occurrence of vulnerabilities that offer threatens the confidentiality and integrity of information that users rely their service providers.The motivation originates from the discovery of researchers at the Ulm University, about vulnerability in the authentication process to access the mobile device applications that use protocol ClientLogin, the user data stored in their services. However the research described here is not restricted to the protocol ClientLogin, but extends the analysis of the OAuth protocol, also used by some applications of mobile devices for authentication.
KEYWORDS
Android, Apps, ClientLogin, Oauth, vulnerability.
