Active Stocks
Mon Apr 15 2024 15:59:36
  1. Tata Steel share price
  2. 160.90 -1.59%
  1. ITC share price
  2. 425.90 -0.98%
  1. State Bank Of India share price
  2. 757.75 -1.17%
  1. ICICI Bank share price
  2. 1,078.80 -2.30%
  1. NTPC share price
  2. 361.35 -0.08%
Business News/ Companies / News/  Millions of Android users at security risk due to Google Play Store bug: Report
BackBack

Millions of Android users at security risk due to Google Play Store bug: Report

Though Google had patched the bug in April, many of the app developers are still using the outdated version of GPC, which is where the bug was found
  • Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point
  • Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure (MINT_PRINT)Premium
    Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure (MINT_PRINT)

    Some of the popular dating, travel and video calling apps on Google Play Store are vulnerable to a known bug CVE-2020-8913, which can be exploited by threat actors to inject malicious codes into them and steal personal information or spy on users, researchers at Check Point found.

    Check Point believes that hundreds of millions of Android users are still at significant security risk because of it.

    Though Google had patched the bug in April and had rated it 8.8 out of 10 for its severity, many of the app developers are still using the outdated version of Google Core Library (GPC), which is where the bug was found. GPC enables developers to roll out in-app updates and new feature modules in their apps.

    In September, researchers at Check Point randomly tested some of the popular Google Play Store apps and found that 13% of them were using GPC and 8% of them were still using the vulnerable version.

    Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are some of the popular apps, which were red flagged by Check Point.

    Check Point had notified the app developers about the vulnerability before making their findings public. Viber and Booking were among the first to update to the patched version, they claim.

    "This described issue has been identified by our security team a month ago and it was fixed in Viber's new version," the company said in a statement to Mint.

    "We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries," Aviran Hazum, manager of Mobile Research, Check Point said in a statement.

    Hazum warns, the vulnerability is highly dangerous and a malicious application can exploit it to steal two-factor authentication codes or inject code into banking applications to steal credentials. They could also inject malicious codes into social media apps and spy on users or in messaging apps to intercept messages.

    Though Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from being fully secure. Bugs and apps with hidden malwares have been frequently detected and reported by security researchers from Google and various cybersecurity firms.

    Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

    ABOUT THE AUTHOR
    Abhijit Ahaskar
    Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
    Catch all the Corporate news and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
    More Less
    Published: 07 Dec 2020, 06:45 PM IST
    Next Story footLogo
    Recommended For You
    Switch to the Mint app for fast and personalized news - Get App