Popular Android apps are rife with cryptographic vulnerabilities
2020-09-08 11:10

Columbia University researchers have released Crylogger, an open source dynamic analysis tool that shows which Android apps feature cryptographic vulnerabilities.

To confirm that the cryptographic vulnerabilities flagged by Crylogger can actually be exploited, the researchers manually reverse-engineered 28 of the tested apps and found that 14 of them are vulnerable to attacks.

As noted at the beginning of this piece, too many apps break too many cryptographic rules.

The researchers emailed 306 developers of Android apps that violate 9 or more of the crypto rules: only 18 developers answered back, and only 8 of them continued to communicate after that first email and provided useful feedback on their findings.

The researchers chose not to reveal the names of the vulnerable apps and libraries because they fear that information would benefit attackers, but they shared enough to show that these issues affect all types of apps: from media streaming and newspaper apps, to file and password managers, authentication apps, messaging apps, and so on.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cez6jN9tbpI/

Related vendor

Last 12 months:

| Vendor | #/Products | Low | Medium | High | Critical | Total vulns |
|---|---|---|---|---|---|---|
| Android | 4 | 0 | 17 | 2 | 0 | 19 |