Thousands of Android apps have built-in crypto keys and passwords

betanews.com /
Thousands of Android apps have built-in crypto keys and passwords

A large number of free Android apps suffer with flaky security because software developers are leaving cryptographic keys embedded and passwords hard-coded. Speaking at the BSides security conference in San Francisco, software vulnerability analyst Will Dormann revealed how he had found serious security problems in thousands upon thousands of apps. After testing 1.8 million apps, he found almost 20,000 featured built-in passwords and keys, and even when a separate password store was used, user data was still open to attack from simple password crackers