The cybersecurity company Check Point has detected security flaws in important Google Play applications that have millions of downloads. Popular applications such as Edge Browser or Power Director are some important examples that suffer from this vulnerability. The cybersecurity company Check Point has indicated that the security flaw has not been completely corrected.
- Google Home application starts showing ads
- Google News Showcase is offering people access to paywalled content
- Google Chrome now also detects weak passwords
The breach allows other malicious applications to steal crucial user data such as contacts, login credentials, private messages and other confidential information. Some of the affected applications have millions of downloads.
The vulnerability, in fact, lies in Google Play Core Library, a code created by Google. This section allows applications to speed up the update process by receiving new versions during runtime and adapting updates to the specific configuration of a specific phone model in which the application is running.
The security flaw was discovered in August by the security company Oversecured. Through that flaw, it is possible for the installed application to execute code in any other application that depends on the vulnerable version of the library. And this error opened the possibility for untrustworthy sources to copy files into a folder that was supposed to be reserved only for reliable Google Play code.
Google has already fixed the bug in Google Play against security flaws, however, part of the process to strengthen security against this possible attack depends on other application developers. They must download the updated library and then incorporate it into their application code. According to the results of Check Point’s research, a considerable number of developers continued to use the vulnerable version of the library, therefore, their applications remain a security risk for users.
Applications identified by Check Point includes Edge, XRecorder and PowerDirector, which have been installed on 160 million devices. While fixing this security flaw, it is always a good idea for all users to have a strong antivirus system on all devices, keep them updated on their mobile phones and any applications to receive the code corrections made by the developers, and exercise extreme caution when downloading any application.