Home / Security / Security: Android security bug let malicious apps siphon off private user data

Security: Android security bug let malicious apps siphon off private user data

Security:

A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.

App security startup Oversecured found the flaw in Google’s widely-used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.

A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.

Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”

The startup built a proof-of-concept app using a few lines of code and tested the vulnerability on Google Chrome for Android, which relied on a vulnerable version of the Play Core library. Toshin said the proof-of-concept app was able to steal a victim’s browsing history, passwords, and login cookies.

But Toshin said that the bug also affected some of the most popular apps in the Android app store.

Google confirmed the bug, rated 8.8 out of 10.0 for severity, is now fixed. “We appreciate the researcher reporting this issue to us, and as a result it was patched in March,” said a Google spokesperson.

Toshin said app developers should update their apps with the latest Play

Read More

About admin

Check Also

Security: Former DHS official on Trump revealing secret intel: This is damning

Security: Former DHS official on Trump revealing secret intel: This is damning

Former Department of Homeland Security Chief of Staff MilesTaylor reacts to President trump revealing top secret information about a new nuclear weapon system to journalist Bob Woodward during an interview.

Leave a Reply

Your email address will not be published. Required fields are marked *