Darren Pauli reports:
And still we fail to learn: a quintet of researchers has found that the bad practice of writing keys into code persists among some of the world’s most popular Android and iOS applications.
The researchers say the hard-coded credentials can be easily extracted to gain access and manipulate millions of sensitive individual and corporate credentials, medical health records, and personal data.
[…]
Siegfried Rasthofer; Steven Arzt; Robert Hahn; Max Kolhagen, and Eric Bodden of the Technical University and Darmstadt, Germany, presented their work in the paper (In)Security of Backend-as-a-Service (PDF) presented at BlackHat Europe.
Read more on The Register.