New Security Token App [Android / IOS] Really secure? Can we trust it?

[Hercule]

Hello,

I have an old Security Token, and this new "Security Token app" for my android phone, is really attractive to me, but i'm worried about security on Mobile OS especially Android.

When you read some article like this one:
A quarter of Android apps pose "high risk" to security

http://www.v3.co.uk/v3-uk/news/22356...ecurity-issues


So, for exemple, let say i'm an Hacker, and I made a "fake FFXI free app"

-> So i know if someone download this app, there is a good chance he have the security token app on his phone.

-> This app could be a "Trojan" or something else that able to spy everything on my phone, especially on the Security Token SquareEnix app.

What could happen if this Hack app could take control or spy my phone?
Are you sure your Token Security app on these mobile OS (Android) is really secured?

Currently i stay on my old token till i'm sure there is no problem on Android to use this.

Thank you.

[Ziyyigo-Tipyigo]

I already tried making this argument back when a player suggested S-E offer something like this to begin with. In response to this argument, the general consensus of the community appeared to be "We don't care."

[Volkai]

Same issues as there are with any app on Android. None of your concerns are unique to the security token.

[Alhanelem]

If you're afraid of the security token app, then you'd better not download any apps ever.

There's not really any way for the software token to be abused, other than you showing someone the number on the screen and having them enter it.

There is little to no difference in safety between the physical token and the software token. Android apps are "sandboxed" which limits the ability of any other software to gain access to or modify or read another app.

You should take such scare-tactic articles with a grain of salt. It's almost impossible for a hacker to get your account compromised via the phone app;

The only way i can imagine your worry happening is someone making a fake security token app, but they wouldn't have any way to get it to generate correct passwords for your account.

When you register the software token, it's tied to your specific phone- if you delete the app, or reset your phone, you'd have to get it removed with your removal password, and then put it back on again. Because of this, there's no way for a hacker to abuse the token. They'd have to get their hands on your actual phone and use it themselves or get a picture of it with a number displayed or something (a "man in the middle" attack)- the only security against this is the same kind of security you guard any other personal information with: yourself.

[Limecat]

I wonder if it'll run with bluestacks. My physical token has been looking ever so slightly faded in the display the last year or so, and I have no idea how long the battery will be good for.

[Alhanelem]

I wonder if it'll run with bluestacks. My physical token has been looking ever so slightly faded in the display the last year or so, and I have no idea how long the battery will be good for.

The token will flash a battery warning when it's going. Ittl say something like BATT on the screen or something I think when you use it, which is your signal to remove it as soon as possible.

[FrankReynolds]

In essence, the app is as safe as your phone is. If you play on the PC version, you are just as vulnerable there. Most people never have issues on the PC though and I doubt there will be many with the phone app either.

Long story short: If it connects to the internet, it can be hacked, but that is no reason to go live in the Forrest somewhere.