Several high profile Android apps still have vulnerabilities discovered years ago

Cutting corners: Research shows that trusting Google to be the best gatekeeper for the Play Store isn’t the best idea. The company is putting a lot of effort into finding apps that are malicious or contain severe security vulnerabilities, but usually after letting them into the Store with as little vetting as possible. Experts are calling attention to a new point of attack that can even be used against some of the most popular apps.

Most people use smartphones without worrying about the security of the essential apps they rely on in their daily lives. Google routinely removes apps that are found to contain malware or adware, as well as apps that are crafted specifically to dupe you into paying for subscriptions. And most of us would assume that updating our apps and mobile operating system to the latest revisions means that any potential for security vulnerabilities is reduced to a minimum.

It turns out that isn’t the case, even for big name apps. According to a report from cybersecurity firm Check Point, tens of vulnerabilities are found every day, some of them in the apps themselves and others in external shared code libraries that those apps use to enable specific features. Updating them to keep up with the most current security threats is a monumental task, so app developers have to prioritize which ones get fixed first.

The researchers decided to take a look at how many apps in the Google Play Store are currently still using vulnerable libraries. They hunted specifically for three vulnerabilities that are rated critical and were disclosed in 2014, 2015, and 2016. This won’t surprise the infosec community, but the resulting list includes over 800 popular Android apps and games that have been downloaded a total of 5 billion times.

Among the affected apps are some that people use very frequently, like Facebook, WeChat, Messenger, Instagram, AliExpress, TuneIn and SHAREit. The shared libraries have all been updated since the vulnerabilities were discovered, but new versions of those popular apps still use the outdated libraries.
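The kind of check described above can be approximated on a single APK by looking inside its native libraries for embedded version banners. The following is an added example, not code from the Check Point report: the library names, versions and the `FIXED_IN` table are constructed placeholders, and it assumes the bundled library embeds a `name x.y.z` string.

```python
import io
import re
import zipfile

# Hypothetical advisory table: library name -> first fixed version.
# Names and versions are constructed placeholders, not the libraries from the report.
FIXED_IN = {"libexamplecodec": (2, 4, 1), "libexampleimg": (1, 9, 0)}

# Assumption: the bundled library embeds a banner such as "libexamplecodec 2.3.0".
BANNER = re.compile(rb"(lib[a-z0-9_]+)[ /-]v?(\d+)\.(\d+)\.(\d+)")

def audit_apk(apk_bytes):
    """Return sorted findings (path, library, found_version, fixed_version)."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Native code ships under lib/<abi>/*.so inside the APK archive.
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = apk.read(name)
            # The .so file name says little: an old library is often compiled
            # into a differently named binary, so search the contents instead.
            for m in BANNER.finditer(data):
                lib = m.group(1).decode()
                ver = tuple(int(x) for x in m.group(2, 3, 4))
                fixed = FIXED_IN.get(lib)
                if fixed and ver < fixed:
                    findings.add((name, lib, ver, fixed))
    return sorted(findings)

def build_sample_apk():
    """Constructed sample: a zip laid out like an APK with two fake .so files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("lib/arm64-v8a/libmedia.so", b"\x7fELF\0\0libexamplecodec 2.3.0\0pad")
        z.writestr("lib/arm64-v8a/libui.so", b"\x7fELF\0\0libexampleimg 1.9.2\0pad")
        z.writestr("classes.dex", b"dex\n035\0libexamplecodec 1.0.0")
    return buf.getvalue()

if __name__ == "__main__":
    for path, lib, ver, fixed in audit_apk(build_sample_apk()):
        found, want = ".".join(map(str, ver)), ".".join(map(str, fixed))
        print(f"{path}: {lib} {found} is older than fixed release {want}")
```

A current app version number gives no assurance here: the sample flags `libmedia.so` because of the older code compiled into it, regardless of how recently the APK itself was built.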


Facebook says that’s not a problem: because of the way its apps are coded, those vulnerabilities are useless to potential attackers. Google is currently investigating and trying its best to push app developers to work on fixes. Then again, the company wanted to flood its app store with apps by keeping its policies permissive, which ultimately led to a situation where new apps aren’t vetted properly and popular apps don’t get fixed unless there is public pressure to do so.

Check Point researchers note that while the apps might not use those old libraries that often, that still doesn’t count as good security. The vulnerabilities selected for this analysis are likely not the only ones, and they leave an open door for determined attackers, who are more likely to try and exploit a well-known vulnerability as opposed to the latest techniques.

This may not be as big of an issue as apps that imitate the look and feel of popular apps to siphon your personal data. And app developers may dismiss the new findings as insignificant. But you only need to look at Google’s bug bounty programs to see why keeping track of all external components of mobile apps is worth it.

This year over 1,000 Android apps were found to harvest your personal data even after you deny them any relevant permissions after installing them. Interestingly enough, the apps themselves were relatively secure, but they used third-party libraries that were littered with code that could be used for data collection.
