[IS&T Security-FYI] SFYI Newsletter, November 5, 2012

Mon Nov 5 16:20:17 EST 2012

In this issue:

1. Upcoming Laptop Tagging Events

2. Data Privacy Concerns in Android Apps

------------------------------------------------

1. Upcoming Laptop Tagging Events

------------------------------------------------

In collaboration with the MIT Police, IS&T is providing a monthly opportunity to have laptops registered and tagged with a STOP tag.

The next upcoming tagging events are November 7 and December 5 from 11:00 am to 1:30 pm in E17-121.

Learn more about this laptop theft prevention program<http://ist.mit.edu/news/STOP_tags>.

--------------------------------------------------------

2. Data Privacy Concerns in Android Apps

---------------------------------------------------------

Researchers say that more than a quarter of apps for Androids available through the Google Play store appear to pose potential security risks to users. The researchers considered the apps to be questionable or suspicious if they had the capability to access personal information such as GPS data, phone calls and phone numbers. Users were led into allowing the apps to collect the data when they were installed; if users do not agree to the apps' requests, the apps will not run on their devices. The practice appeared to be popular among games, entertainment, and wallpaper apps, despite the fact that those apps would seem to have little or no practical use for the information.

The researchers state specifically that these apps are not considered malware, simply that they pose a privacy risk to users.

The report, released by Bit9, suggests that businesses educate employees about what app permission requests really mean and to stay away from third-party app markets, where the majority of malicious Android apps lurk.

If you are an MIT community member, see this handout<http://kb.mit.edu/confluence/download/attachments/5375837/Mobile+Security+Handout.pdf> (.pdf format) for advice on securing your mobile device or visit the Mobile Device Ninja page<http://kb.mit.edu/confluence/display/istcontrib/Mobile+Device+Ninja> in the MIT Knowledge Base.

Read the full story in the news<http://www.informationweek.com/security/application-security/android-apps-fail-risk-assessment-check/240012652>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20121105/c2b04aa0/attachment.htm