Android apps with millions of downloads are vulnerable to serious attacks

Android apps with millions of downloads are vulnerable to serious attacks

Enlarge (credit: Aurich Lawson)

Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages, and other sensitive information. Security firm Check Point said that the Edge Browser, the XRecorder video and screen recorder, and the PowerDirector video editor are among those affected.

The vulnerability actually resides in the Google Play Core Library, which is a collection of code made by Google. The library allows apps to streamline the update process by, for instance, receiving new versions during runtime and tailoring updates to an individual app’s specific configuration or a specific phone model the app is running on.

A core vulnerability

In August, security firm Oversecured disclosed a security bug in the Google Play Core Library that allowed one installed app to execute code in the context of any other app that relied on the vulnerable library version.

Read 7 remaining paragraphs | Comments



https://ift.tt/37z0yG3

Comments