Security News
A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Although Google addressed the vulnerability in March, new findings from Check Point Research show that many third-party app developers are yet to integrate the new Play Core library into their apps to mitigate the threat fully.
Infosec bods from Check Point have discovered that popular apps are still running outdated versions of Google's Play Core library for Android - versions that contained a remote file inclusion vulnerability. They found that the Play Core Library, an in-app update and streamlining feature offered to Android devs, could be abused to "Add executable modules to any apps using the library".
First reported in late August by researchers at Oversecured and since analyzed by cyber threat intelligence provider Check Point, a recent flaw affecting several Android apps points to this patch-applying dilemma. After alerting the developers of these apps to the flaw, the Viber and Booking apps have since been patched, according to Check Point.
Roid apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.
Roid apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020. In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.
The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November - but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. That's according to Trustwave SpiderLabs, which originally discovered a security issue that can be exploited to publicly expose private voicemails, video missives and photos sent using the popular messenger app.
GO SMS Pro, an Android instant messaging app with more than 100 million installs, is still exposing the privately shared messages of millions of users even though the developer has been working on a fix for the flaw behind the data leak for almost two weeks. Private files sent by users to contacts who don't have GO SMS Pro installed can be accessed from the app's servers via a shortened URL which redirects to a content delivery network server used to store all shared messages.
Microsoft is reportedly creating a subsystem, similar to the Windows Subsystem for Linux, that allows Android applications to run on Windows 10. Microsoft realizes this and has already started offering limited support for launching Android apps in Windows 10 using the Your Phone app and supported Android devices.
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question-Baidu Maps and Baidu Search Box-were found to collect device identifiers, such as the International Mobile Subscriber Identity number or MAC address, without users' knowledge, thus making them potentially trackable online.
Scammers are taking advantage of the Minecraft sandbox video game's wild success by developing Google Play apps which appear to be Minecraft modpacks, but instead deliver abusive ads, according to researchers. Since July, Kaspersky researchers have found more than 20 of these apps and determined that they have been downloaded on more than a million Android devices.