The other day I checked the Android Market and decided to download a featured application with 5 stars called PageOnce. When I installed PageOnce, it asked me if I would like to sign in to various accounts, to include Gmail, Paypal, Amazon, My Bank, Twitter and several more.
Honestly I do see great productivity potential with that type of App, but security-wise I think nobody should download Apps that connect to multiple accounts, simultaneously. I am okay with Social Networks but really? Amazon? Paypal? Bank Account? I would much rather visit those sites individually rather than having an App of unknown origin sign in for me.
To me, Apps that login to various “personal” accounts are like BotNets that hold very sensitive information about you. Ultimately, it is just a hack waiting to happen. Imagine the far reaching and potentially financially devastating consequences.
You can argue that they use an API and shouldn’t be designed to store usernames and passwords, for the various accounts. How can we be certain that this is really the case? Just because somebody wrote on website that they don’t hold your usernames and passwords it does not mean it’s necessarily true. What if my phone gets stolen? All they have to do is open the application, and they’ll potentially have access to all of my personal data. In the end, it would be my own fault, since I allowed such Apps to access my personal accounts.
What are your thoughts about it? We’re interested to know.
Thanks to Justin for editing.
This was a really good catch, Joe. While you might not be the first person to write it up, you did, which can potentially help a lot of others. As a network security person, by trade, these are the type of things we try to educate users on, so that they can better protect themselves. Again, nice job.
I have been using Pageonce on my iPhone fro over a year.
It's been a very usefull app for me. I use the credit cards and bank accounts, Amazon, Netflix and all my travel sites. As a regular traveler I fiund the app very productive and time saving for me.
I was initialy concern about the security, however I found out that no one can log into my financial accounts automaticaly (neither do I). The worst can happen they might be able to view some data. From what I can tell no account numbers or names are shown.
If I believe the Pageonce people – then their security is higher than a bank level security…
Oh I don't blame the “application” it self, I am just ranting about the
security of such apps, I mean are people that lazy to open 2 links instead
off 1. See nothing happened yet, but what if it does happen? Um.. good luck
getting your SSN or any account straightening out.