Dec 9, 2014, 8:40:02 PM via Website
It's an idea that came around when installing a banking application. Doing that, I was wondering: was I installing the legitimate version?
Sure, the right way and right answer would be: browse the bank website, click on the mobile app referenced, and that's OK.
But if you - like me - seek your expectancy directly from the Market, you may come across many apps/icons that could put you in trouble when it comes to choosing the "right one".
Why the "right one": Here is the scenario I think is possible. I'm a malicious developer, and I issue an app (whose icon looks like the legitimate one) targeting a specific application or service provider. Any user, not aware of the risks, may install and use it. That fake app would, indeed, forward the user's requests to the legitimate server, but could leak their personal information to the malicious server.
Without high skills in Android, I imagined a what-could-be proposal/solution: with the help of little changes in the APK packaging, in the Android installer and in the server's logic, an end user may be sure about the legitimacy of the newly installed app, before any login.
This forum where I put the request may not be the right place to discuss such a topic.
I thank you for your advice, feedback and comments,
PS: try to guess the right one to install
— modified on Dec 10, 2014, 6:26:16 AM by moderator