Several high profile Android apps still have vulnerabilities discovered years ago

Several high profile Android apps still have vulnerabilities discovered years ago 1
Cutting corners: Research shows that trusting Google to be the best gatekeeper for the Play Store isn’t the best idea. The company is putting a lot of effort into finding apps that are malicious or contain severe security vulnerabilities, but usually after letting them into the Store with as little vetting as possible. Experts are calling attention to a new point of attack that can even be used against some of the most popular apps.

Most people use smartphones without worrying about the security of essential apps we use in our daily lives. Google routinely removes apps that are found to contain malware or adware, as well as apps that are crafted specifically to dupe you into paying for subscriptions. And most of us would assume that updating our apps and mobile operating system to the latest revisions means that any potential for security vulnerabilities are reduced to a minimum.

It turns out that isn’t the case, even for big name apps. According to a report from cybersecurity firm Check Point, there are tens of vulnerabilities that are found every day, some of them in the apps themselves and others in external shared code libraries that are used by those apps to enable specific features. Updating them to keep up with the most current security threats is a monumental task, so app developers have to prioritize which ones get fixed first.

The researchers decided to take a look at how many apps in the Google Play Store are currently still using vulnerable libraries. They hunted specifically for three vulnerabilities that are rated critical and were disclosed in 2014, 2015, and 2016. This won’t surprise the infosec community, but the resulting list includes over 800 popular Android apps and games that have been downloaded a total of 5 billion times.

Among the affected apps are some that people use very frequently, like Facebook, WeChat, Messenger, Instagram, AliExpress, TuneIn and SHAREit. The shared libraries have all been updated since the vulnerabilities were discovered, but new versions of those popular apps still use the outdated libraries.

Facebook says that’s not a problem because of the way its apps are coded, those vulnerabilities are useless for potential attackers. Google is currently investigating and trying its best to push app developers to work on fixes. Then again, the company wanted to flood its app store with apps with permissive policies, which ultimately led to a situation where new apps aren’t vetted properly and popular apps don’t get fixed unless there is public pressure to do so.

Check Point researchers note that while the apps might not use those old libraries that often, that still doesn’t count as good security. The vulnerabilities selected for this analysis are likely not the only ones, and they leave an open door for determined attackers, who are more likely to try and exploit a well-known vulnerability as opposed to the latest techniques.

This may not be as big of an issue as apps that imitate the look and feel of popular apps to siphon your personal data. And app developers may dismiss the new findings as insignificant. But you only need to look at Google’s bug bounty programs to see why keeping track of all external components of mobile apps is worth it.

This year over 1,000 Android apps were found to harvest your personal data even after you deny them any relevant permissions after installing them. Interestingly enough, the apps themselves were relatively secure, but they used third-party libraries that were littered with code that could be used for data collection.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

The Largest Crypto Scams Of 2022 (So Far)
The Largest Crypto Scams Of 2022 (So Far)
June 14, 2022
How Do Scammers Entice Their Prey?
May 10, 2022
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
April 23, 2022
Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022
Mintable CEO Zach Burks Talks to Us about the Opensea Stolen NFTs and Their Recovery
March 21, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin21,021 0.55 % 0.45 % 2.68 %
Ethereum1,187.4 0.73 % 0.84 % 9.15 %
Tether1.001 0.04 % 0.13 % 0.01 %
USD Coin0.9989 0.16 % 0.08 % 0.04 %
BNB232.07 0.91 % 1.25 % 7.36 %
Binance USD1.002 0.24 % 0.04 % 0.09 %
XRP0.3572 1.18 % 1.31 % 10.80 %
Cardano0.9566 0.22 % 0.68 % 6.96 %
Solana40.07 0.55 % 0.16 % 29.80 %
Polkadot7.850 1.12 % 3.21 % 7.23 %

Bitcoin (BTC) $ 21,118.00
Ethereum (ETH) $ 1,196.41
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 234.08
XRP (XRP) $ 0.360393
Binance USD (BUSD) $ 1.00
Cardano (ADA) $ 0.485971
Solana (SOL) $ 40.32
Polkadot (DOT) $ 7.93