Popular Android Apps Are Vulnerable Due to Google Play’s Major Flaw

Many popular Android apps are currently vulnerable to dangerous hacks. A major flaw in Google Play Core Library is causing this issue.

Most of these applications are receiving hundreds of millions of downloads. This is obviously bad news since most of the apps are used by many people across the world.

These include the PowerDirector video editor, the XRecorder video and screen recorder, the Edge Browser, and many more. The Android apps are commonly used during the pandemic since most work is now home-based.

Security researchers explained that this is a serious security issue right now. Why? Because the Google Play Core Library is a collection of Google code.

The library allows apps to streamline the update process. Android apps can do this by receiving new versions at runtime and tailoring updates.

These updates are tailored to an app’s specific configuration or the specific device model the app is running on.

Google Play Core Library’s flaw

The new flaw in the Google Play Core Library came from a directory traversal issue. This security flaw allowed hackers to copy files to a folder.

However, the folder is supposed to be reserved only for trusted code received from Google Play. The new vulnerability breaches a core protection built into the Android operating system.

This security layer prevents an app from accessing data or code from any other app. Google announced that it already patched the major flaw in April.

But developers still need to download the updated library. They also need to incorporate it into their app code to fix the vulnerable apps.

At the moment, security experts are still seeing numerous developers using the vulnerable library version.

The new flaw allows hackers to access a user’s Dropbox account

Check Point, the security firm that discovered the issue, used a proof-of-concept malicious app. This allowed the researchers to steal an authentication cookie from an old version of Chrome.

They found out that the attacker can gain unauthorized access to a victim’s Dropbox account using the cookie. Check Point also identified 14 apps with combined downloads of around 850 million.

It will be a serious problem once they are breached. Why? Because they also have 160 million total installations.

At the moment, Check Point hasn’t confirmed if these vulnerable apps are already fixed.

Protecting your Android apps

There are lots of ways for you to protect your Android apps. The first thing you need to do is to enforce secure communication.

This means that you should safeguard the data that you exchange between your app and other applications. Once you complete that, your app’s stability will improve.

It will also enhance the security protection of the data you send and receive. Using signature-based permissions is also great protection.

These permissions will check if the apps accessing the data are signed using the same signing key. It doesn’t require any user confirmation, making it more convenient for you.
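
The signature-based permission described above, as an added example that is not part of the original article: a manifest fragment for a hypothetical app, `com.example.notes` (the package, permission and provider names are assumptions), showing an unprotected exported provider next to one guarded by a `signature`-level permission.

```xml
<!-- AndroidManifest.xml of the app that owns the data (hypothetical names) -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android">

    <!-- Custom permission: only apps signed with the same key can hold it -->
    <permission
        android:name="com.example.notes.permission.READ_NOTES"
        android:protectionLevel="signature" />

    <application>
        <!-- Weak setting, shown for comparison: exported with no permission,
             so any installed app can query the provider.
        <provider
            android:name="com.example.notes.NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true" />
        -->

        <!-- Corrected: callers must hold the signature-level permission -->
        <provider
            android:name="com.example.notes.NotesProvider"
            android:authorities="com.example.notes.provider"
            android:exported="true"
            android:permission="com.example.notes.permission.READ_NOTES" />
    </application>
</manifest>
```

A companion app reads the provider by declaring `<uses-permission android:name="com.example.notes.permission.READ_NOTES" />` in its own manifest; Android grants it at install time, with no prompt, only when both apps are signed with the same certificate.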

Here are other methods you can use;
