MIA talk was to focus on Android developer mistakes

A pair of researchers, who caused a stir at the Black Hat Security Briefings when they failed to show at their presentation, claim to have found using an automated analysis tool.

The presentation, titled "Hacking Androids for Profit," focused on the problems of third-party applications on Android, not on the main operating systems or key programs developed by Google, says Riley Hassell, founder of Privateer Labs. Hassell and co-worker Shane Macaulay, also of Privateer Labs, were scheduled to present their research Aug. 4 but failed to appear.

Also see:

The presentation would have outlined results of the company's analysis of using a scanning tool known as SCURVY, Hassell said.

"We found vulnerabilities in dozens of the most popular apps," he says. "Some are information disclosure -- getting information on the mobile user -- others are privilege escalation."

A particularly pernicious problem is known as activity reuse, where one application can exploit a vulnerability in another application to use that program's elevated permissions. The security weaknesses occur because many developers allow other programs to use certain activities without checking to see if they have the permissions to take a particular action on their own.