These Popular Android Apps Hack Millions of Phones

Applications for smartphones have become everyday items for users. However, be aware that vulnerability can pose a severe risk. For this reason, it is not uncommon for cybersecurity experts to recommend having downloaded only those apps that are necessary and always keep them updated in their latest version. Recently, the specialized firm CheckPoint has discovered that several popular Android applications have been vulnerable to cyberattacks for months that could lead to user data theft.

Among the services that are vulnerable to hacking are dating platforms (Grindr, OkCupid, Bumble), navigation (Edge), maps (Yango Pro), utilities (Xrecorde r, PowerDirector), social (Viber), business (Cisco Teams) or trips (Booking).

The company highlights that these apps’ security failure is part of an error in Google’s Play Core library. It allows developers to introduce updates and new feature modules in Android applications.

Google Play Core Library is posing a threat to user security

As detailed by Check Point, Google recognized and patched the error on April 6, 2020, rating it 8.8 out of 10 according to the severity level. 13% of Android applications use the Play Core tool. Based on what the cybersecurity firm observed during the investigation, 8% of them, have not incorporated the necessary patch to their platforms. So, the vulnerability is still valid.

Check Point explained that Play Core is a library of Android functions. It helps with application development and does not force you to create your own. The problem is that when a library is vulnerable, it is not enough for the manufacturer to solve the problem. Thus, the user must adopt the necessary changes.

The vulnerability allows adding executable modules to any application that uses the library. Which means that any code could be injected into them. The cybercriminal who has installed an application with malware on the victim’s device could steal private information. Including details such as login details, passwords, financial information, and even access email.

A cybercriminal can attack applications from within and steal data. He just needs to get the victim to download another malicious app from the internet on your phone. To prevent this from happening, experts recommend downloading all applications from official stores.

In recent months, the existing applications, that pose as tools for tracking Covid-19, has been alerted. It is also quite common to impersonate well-known apps, such as Instagram, Facebook, or another social networking service. They are often found on fraudulent web pages or malicious emails.

Hundreds of millions of Android users are exposed to this security flaw, as many applications still use outdated Play Core libraries.