Two years ago, there was a growing chorus of voices expressing concern about private API keys finding their way into the public domain thanks in part to careless pushing of code to services like GitHub. Now this problem has spread to mobile apps. The guys over at Hackernoon explain.
What happens when the API is technically secure but the environment, whether widget, web site or mashup, is not? Recent security breaches in MySpace and Yahoo, which led to the release of semi-embarrassing photos of prolific celebs Paris Hilton and Lindsay Lohan, point out the added opportunities for hackers in the open web.
A recent white paper reported an Autofill API vulnerability within Android's 8.0 Oreo release. The vulnerability stems from the ability of widgets to hide themselves from users and request information, so that users are unaware they are providing it to the hidden widget. No public fixes have been issued.