Security News > 2020 > April > Researchers Discover Hidden Behavior in Thousands of Android Apps
Thousands of mobile applications for Android contain hidden behavior such as backdoors and blacklists, a group of researchers has discovered.
Set to discover such behaviors, researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security came up with a tool that can detect "The execution context of user input validation and also the content involved in the validation," thus finding any secrets of interest.
"We find that input validation in mobile apps can be used to expose input triggered secrets such as backdoors and blacklist secrets, and that input-dependent hidden functionality is widespread in Android apps," the researchers say in their whitepaper.
The research identified hundreds of master passwords, as well as secret commands in thousands of applications, including commands for debugging and for triggering hidden functions unknown to regular users.
"The hidden functionality that INPUTSCOPE has identified can have severe consequences to either app users or developers, and these apps need to be patched by app developers," the researchers note.