30,000 Google Play Apps Haven’t Patched Security Bug
In August, researchers published a major vulnerability found in older versions of the Play Core library. Play Core is a popular library that developers use within their apps released on the Google Play Store. It allows users to install updates, language packs, and even other apps. This capability makes the exploit so dangerous.
Play Core Provides Easy Exploits
Attackers could easily inject rogue code within other apps and steal sensitive data. This could include virtually anything such as passwords, photos, 2FA codes, and much more. Researchers described the vulnerability as “extremely easy to exploit.”
“All you need to do is to create a ‘hello world’ application that calls the exported intent in the vulnerable app to push a file into the verified files folder with the file-traversal path. Then sit back and watch the magic happen.”
What does that mean? Take a look at the video below.
Nearly 30,000 Google Play Apps Pose Risk
Google provides the Play Core library to developers. Google found out about this bug and patched it back in March. Developers have been urged to update their apps to include the patched library.
So why does a vulnerability announced in August that was patched in March matter today? Because just under 30,000 apps on the Google Play Store still use that old Play Core library.
Most of those apps probably won’t ever make it onto your phone. However, several popular apps may already be there. Prior to Thursday, researchers found affected apps included:
Browsers – Edge (Microsoft), Aloha
Business – * Cisco Teams
Social – Viber
Travel – Booking
Maps and Navigation – Yango Pro (Taximeter), * Moovit
Dating – * Grindr, OKCupid, Bumble
Utilities – Xrecorder, PowerDirector
*Update: Cisco Teams, Grindr, and Moovit just updated their apps to patch the bug.
This situation shows how much attention must go into keeping data secure. We always encourage users to install software and hardware updates whenever possible. However, that isn’t always enough. When choosing devices, apps, or software, it’s important to see how often designers and developers update their software.
For our clients, we can assist with any stage of this process. From choosing software or hardware to updating every component of your technology solutions, we’ll provide answers or solutions in any way we can. If you’re interested in finding out more, just request a consultation below.