Security of Third Party Login Tokens

nakedsecurity.pngI tend to ignore most of the noise coming out of anti-virus companies as it’s often biased self-supporting PR. However, the Sophos news site has a great article on how Facebook logins aren’t being properly protected on iOS and Android. In summary, auth tokens are being saved to files that can be read into other apps or in some cases simply read via a USB connection. It’s a type of information leakage I previously mentioned when I wrote about safe coding.