Google’s application store has security measures in place to prevent infected applications from being offered to Android users. However, it happens quite regularly that malicious apps bypass the security mechanisms of the Play Store. Apps offered outside of the official Android store also pose security risks. According to an academic study carried out jointly by two American universities and a German university, the problem would affect thousands of applications.
To carry out their study, the researchers developed a special tool to analyze the form fields of more than 150,000 applications, reports ZDNet. They were interested in the 100,000 most popular apps in the Play Store, but also in the 20,000 best apps hosted on third-party stores, as well as in the 30,000 apps pre-installed on Samsung smartphones. “The evaluation revealed a worrying situation. We have identified 12,706 applications containing a variety of backdoors such as secret access keys, administrator passwords and secret commands, ”they concluded.
According to the researchers, these backdoors would make it easier for malicious people who want to gain unauthorized access to user accounts. What is more, if hackers manage to get their hands on a device on which one of the stolen apps is installed, they could access the phone and execute code on the device with elevated privileges.
Significant risks
The risks are real. “By manually examining multiple mobile apps, we discovered that a popular remote control app (10 million installs) contains a master password that can unlock access even if the phone owner locks it remotely by loss of the device, "said the study authors. And this is just one example. In their study, the researchers listed several other scenarios.
Obviously, the authors of the study contacted the developers of applications exhibiting hidden behavior or backdoor mechanisms, but unfortunately not all of them responded. As a security measure, the researchers changed the names of the compromised applications in their report.
High-Tech
Google Unveils New Preview of Android 11 and What's New
High-Tech
Cerberus: Even strong authentication codes are no longer immune to malware
- Cybersecurity
- Personal data
- Hacker
- Application
- Smartphone
- High-Tech
- Android
- Mobile app
- Cyber attack