11.8 C
New York
Sunday, November 29, 2020
Home Trends Android security bug let malicious apps siphon off private user data

Android security bug let malicious apps siphon off private user data

A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.

App security startup Oversecured found the flaw in Google’s widely-used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.

A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.

Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”

The startup built a proof-of-concept app using a few lines of code and tested the vulnerability on Google Chrome for Android, which relied on a vulnerable version of the Play Core library. Toshin said the proof-of-concept app was able to steal a victim’s browsing history, passwords, and login cookies.

But Toshin said that the bug also affected some of the most popular apps in the Android app store.

Google confirmed the bug, rated 8.8 out of 10.0 for severity, is now fixed. “We appreciate the researcher reporting this issue to us, and as a result it was patched in March,” said a Google spokesperson.

Toshin said app developers should update their apps with the latest Play Core library to remove the threat.

Source: TechCrunch

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

- Advertisment -

Most Popular

“New India” Officially Entered Into Recession with 7.5% shrink in Economy. Congratulations To PM Modi For Working So Hard For 18 Hours To Achieve...

The Indian economy has Officially hit a Technical Recession, with the Gross Domestic Product (GDP) contracting to 7.5% in the July – September period. The...

Iran’s supreme leader vows revenge over slain scientist

Iran's supreme leader on Saturday called for the definitive punishment of those behind the killing of a scientist linked to Tehran's disbanded military nuclear...

JJP urges Centre to immediately hold talks with farmers

The Jannayak Janta Party, the BJP's coalition partner in Haryana, on Saturday urged the Centre to immediately hold talks with farmers protesting against the...

India’s GDP Shrinks by 7.5 %, The Worst In Decades!

According to the data released on Friday by the Union Ministry of Statistics and Program Implementation (Mospi), India’s GDP (gross domestic product) shrank by...

Recent Comments

%d bloggers like this: