Android apps with millions of downloads are vulnerable to serious attacks

December 04, 2020

Android apps with millions of downloads are vulnerable to serious attacks

Android apps with hundreds of millions of downloads are vulnerable to attacks that allow malicious apps to steal contacts, login credentials, private messages, and other sensitive information. Security firm Check Point said that the Edge Browser, the XRecorder video and screen recorder, and the PowerDirector video editor are among those affected.

The vulnerability actually resides in the Google Play Core Library, which is a collection of code made by Google. The library allows apps to streamline the update process by, for instance, receiving new versions during runtime and tailoring updates to an individual app’s specific configuration or a specific phone model the app is running on.

A core vulnerability

In August, security firm Oversecured disclosed a security bug in the Google Play Core Library that allowed one installed app to execute code in the context of any other app that relied on the vulnerable library version.

Read 7 remaining paragraphs | Comments

from Tech – Ars Technica https://ift.tt/3qvoXoi

Search This Blog

Technology Gyan

Android apps with millions of downloads are vulnerable to serious attacks

A core vulnerability

Comments

Post a Comment

Popular Posts

Microsoft declares its underwater data center test was a success

Logitech announces $70 webcams with USB-C, built-in shutters