Android Allows Forced Pop-Ups and Phishing

New research presented at the DefCon event this weekend revealed that a core design feature of Android could be used to annoy and possibly cheat the users.

Trustwave’s SpiderLabs head, Nicholas Percoco, warned the public that a standard Android API does not only push an app to the front and steal focus from another — but disable the standard back button command. It might create pop-ups within an ad, and CNET saw examples of apps that would appear legitimate but quickly becomes fraid to phish information.

Read the rest of the article »