11.8 C
New York
Wednesday, November 25, 2020
Home Trends Android security bug let malicious apps siphon off private user data

Android security bug let malicious apps siphon off private user data

A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.

App security startup Oversecured found the flaw in Google’s widely-used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.

A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.

Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”

The startup built a proof-of-concept app using a few lines of code and tested the vulnerability on Google Chrome for Android, which relied on a vulnerable version of the Play Core library. Toshin said the proof-of-concept app was able to steal a victim’s browsing history, passwords, and login cookies.

But Toshin said that the bug also affected some of the most popular apps in the Android app store.

Google confirmed the bug, rated 8.8 out of 10.0 for severity, is now fixed. “We appreciate the researcher reporting this issue to us, and as a result it was patched in March,” said a Google spokesperson.

Toshin said app developers should update their apps with the latest Play Core library to remove the threat.

Source: TechCrunch

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

- Advertisment -

Most Popular

Trade unions to go on nationwide strike on Thursday

Central trade unions will go on a nationwide strike on Thursday and expects participation of over 25 crore workers to protest against various policies...

“Nivar” Is Going To Turn Into “Monster” Cyclone! The Government Announces Public Holidays

Cyclone Nivar, the slow-moving cyclone storm over the tepid waters of the Bay of Bengal, is turning into a monster. On Wednesday evening, "Cyclone Nivar"...

Why Companies Like White Hat JR Deserve To Be Banned & Scrapped Out Of Indian Startup Eco-system

The recent controversy that has erupted between WhiteHat Jr, founder Karan Bajaj, Pradeep Poonia, and Aniruddha Malpani, both of whom have been strong critics...

Punjab farmers start assembling near Haryana borders

Punjab farmers have started assembling near Haryana borders with tractor-trailers for their proposed march to Delhi against the Centre's agriculture-related laws. The Haryana authorities too...

Recent Comments

%d bloggers like this: