along_the_road@beehaw.org to Technology@beehaw.org · 4 days agoHackers can steal 2FA codes and private messages from Android phonesarstechnica.comexternal-linkmessage-square7fedilinkarrow-up133arrow-down10cross-posted to: technology@lemmy.worldandroid@lemdro.id
arrow-up133arrow-down1external-linkHackers can steal 2FA codes and private messages from Android phonesarstechnica.comalong_the_road@beehaw.org to Technology@beehaw.org · 4 days agomessage-square7fedilinkcross-posted to: technology@lemmy.worldandroid@lemdro.id
minus-squareMidnitte@beehaw.orglinkfedilinkEnglisharrow-up3·4 days agoAuthenticator app just needs to implement FLAG_SECURE, no? Seems more like an app dev issue
minus-squarejherazob@beehaw.orglinkfedilinkEnglisharrow-up3·4 days agoLooks like this works regardless of that
minus-squareMidnitte@beehaw.orglinkfedilinkEnglisharrow-up2·4 days agoLooks like you might be right - though I imagine disabling the ability to draw over apps with that security flag in place would do a lot to mitigate… but… im also not a security researcher
Authenticator app just needs to implement FLAG_SECURE, no?
Seems more like an app dev issue
Looks like this works regardless of that
Looks like you might be right - though I imagine disabling the ability to draw over apps with that security flag in place would do a lot to mitigate… but… im also not a security researcher