Home / Android / Android security bug let malicious apps siphon off private user data

Android security bug let malicious apps siphon off private user data

Advertisements


A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.

App security startup Oversecured found the flaw in Google’s widely-used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.

A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.

Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”

The startup built a proof-of-concept app using a few lines of code and tested the vulnerability on Google Chrome for Android, which relied on a vulnerable version of the Play Core library. Toshin said the proof-of-concept app was able to steal a victim’s browsing history, passwords, and login cookies.

But Toshin said that the bug also affected some of the most popular apps in the Android app store.

Google confirmed the bug, rated 8.8 out of 10.0 for severity, is now fixed. “We appreciate the researcher reporting this issue to us, and as a result it was patched in March,” said a Google spokesperson.

Toshin said app developers should update their apps with the latest Play Core library to remove the threat.

Advertisements




Source link

About admin

I'm a 50 year old PLC programmer from Burnley, UK. I severed my time as an electrician in the baking industry and soon got involved with the up and coming technology of PLC's. Initially this was all based in the Uk but as the years went by I have gradually worked my way around the globe. At first it was mainly Mitsubishi with a bit of Modicon thrown in but these days the industry leaders seem to be the Allen Bradley range of PLC and HMI’s.

Check Also

Android 11 has arrived

Google today announced the launch of Android 11, the latest version of its mobile operating ...

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements