This Android security bug let malicious apps siphon off private user data

Any malicious app on an Android device could have exploited this bug to inject malicious modules into other apps that rely on Google’s Play core.

By: HT TECH
| Updated on: Aug 20 2022, 22:40 IST
A Google spokesperson said that appreciate that the researcher reporting this issue to them and the vulnerability was fixed in March this year.
A Google spokesperson said that appreciate that the researcher reporting this issue to them and the vulnerability was fixed in March this year. (Pixabay)

A security vulnerability was discovered in Android that could have allowed malicious apps to siphon off sensitive data from other apps on the device.

App security startup Oversecured found the vulnerability in Google's widely used Play Core library. Play Core lats developers push in-app updates and new feature modules to the Android apps like language packs or game levels, reports TechCrunch.

You may be interested in

MobilesTablets Laptops
2% OFF
Google Pixel 7 5G
  • Obsidian
  • 8 GB RAM
  • 128 GB Storage
2% OFF
Google Pixel 128GB
  • Black
  • 4 GB RAM
  • 128 GB Storage
48% OFF
Samsung Galaxy S22 Plus
  • Green
  • 8 GB RAM
  • 128 GB Storage
5% OFF
Google Pixel 6
  • Stormy Black
  • 8 GB RAM
  • 128 GB Storage

Any malicious app on an Android device could have exploited this bug to inject malicious modules into other apps that rely on Google's Play core. This would have helped the malicious apps steal private information like passwords, credit card numbers etc from the apps.

Also read
Looking for a smartphone? To check mobile finder click here.

Founder of Oversecured Serget Toshin told TechCrunch that exploiting this Android bug was “pretty easy”.

Oversecured built a proof-of-concept app using a few lines of code and tested the vulnerability on Google Chrome for Android which relied on a vulnerable version of the Play Core library. Toshin told TechCrunch that the proof-of-concept app was able to steal a victim's browsing history, passwords and login cookies.

Toshin added that the bug also affected some of the most popular apps on the Android app store.

Google has confirmed this bug has now been fixed. The bug was rated it 8.8 out of 10.0 for severity. A Google spokesperson said that appreciate that the researcher reporting this issue to them and the vulnerability was fixed in March this year.

To make sure your apps are free from this issue, all users need to update their apps with the latest Play Core library.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 29 Aug, 18:20 IST
Tags:
NEXT ARTICLE BEGINS