Home / Companies / News /  Millions of Android users at security risk due to Google Play Store bug: Report
Back

Millions of Android users at security risk due to Google Play Store bug: Report

1 min read . Updated: 09 Dec 2020, 10:22 PM IST Abhijit Ahaskar
Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure (MINT_PRINT)Premium
Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure (MINT_PRINT)

  • Though Google had patched the bug in April, many of the app developers are still using the outdated version of GPC, which is where the bug was found
  • Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point

Some of the popular dating, travel and video calling apps on Google Play Store are vulnerable to a known bug CVE-2020-8913, which can be exploited by threat actors to inject malicious codes into them and steal personal information or spy on users, researchers at Check Point found.

Check Point believes that hundreds of millions of Android users are still at significant security risk because of it.

Though Google had patched the bug in April and had rated it 8.8 out of 10 for its severity, many of the app developers are still using the outdated version of Google Core Library (GPC), which is where the bug was found. GPC enables developers to roll out in-app updates and new feature modules in their apps.

In September, researchers at Check Point randomly tested some of the popular Google Play Store apps and found that 13% of them were using GPC and 8% of them were still using the vulnerable version.

Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point.

Check Point had notified the app developers about the vulnerability before making their findings public. Viber and Booking were among the first to update to the patched version, they claim.

"This described issue has been identified by our security team a month ago and it was fixed in Viber's new version," the company said in a statement to Mint.

"We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries," Aviran Hazum, manager of Mobile Research, Check Point said in a statement.

Hazum warns, the vulnerability is highly dangerous and a malicious application can exploit it to steal two-factor authentication codes or inject code into banking applications to steal credentials. They could also inject malicious codes into social media apps and spy on users or in messaging apps to intercept messages.

Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure. Bugs and apps with hidden malwares have been frequently detected and reported by security researchers from Google and various cybersecurity firms.

ABOUT THE AUTHOR
Abhijit Ahaskar
Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
Catch all the Corporate news and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
More Less
OPEN IN APP
Recommended For You

Wait for it…

Log in to our website to save your bookmarks. It'll just take a moment.

Yes, Continue

You are just one step away from creating your watchlist!

Login Now

Wait for it…

Oops! Looks like you have exceeded the limit to bookmark the image. Remove some to bookmark this image.

Your session has expired, please login again.

Yes, Continue
×
Get alerts on WhatsApp
 Set Preferences My ReadsWatchlistFeedbackRedeem a Gift CardLogout