Bugs Found in Thousands of Free Android Apps on Google Play Store
More than 1,600 vulnerabilities have been found in more than 5,000 apps on the Google Play Store.
Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.
While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.
The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of cloud-based servers.
"These vulnerabilities affect the servers that are in the Cloud, and once an attacker gets on the server, there are many ways they can attack," said Brendan Saltaformaggio, Assistant Professor in Georgia Tech's School of Electrical and Computer Engineering.
The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.
"It's a whole new question whether or not they can jump from the server to a user's device, but our preliminary research on that is very concerning," Saltaformaggio added.
To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems.
SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)