Android apps still exposed to a severe bug that was fixed in April

Security researchers have found that major Android apps remain vulnerable to a known flaw that gives attackers access to users’ phones and data. According to the research, the affected apps are among the most widely used and best known.

The affected apps include Bumble, Grindr, OkCupid, Cisco Teams, Moovit, Yango Pro, Edge browser, and many more. Hundreds of millions of people are vulnerable to potential attacks.

The research shows that the security flaw is located in the Google Play Core library, which developers use to push in-app updates and new feature modules to Android apps. Google fixed the flaw in April this year.

The threat exists

Even with the fix available, app developers must update the Play Core library in their own apps to ensure that the apps are secure from this threat. Many developers have yet to do this.

The Play Core library is the app’s runtime interface with the Google Play Store and affects how the app interacts with Google Play Services. Those interactions include Google Play review mechanisms, dynamic code loading, and delivery of locale-specific resources.

Researchers say that if the flaw is exploited, attackers can inject malicious code into vulnerable apps and access the same data that the app can. Most of that information is usually personal and sensitive.

A high severity rating

The flaw has a high severity rating of 8.8/10. Even though Google patched it, it seems that not all developers have fixed the issue on their end. They have to ship the patched library in their own apps to make sure that this specific threat is fully mitigated.

Many apps are still using outdated versions of the Play Core library. The vulnerability is particularly dangerous: exploitation takes little effort because attackers know what to exploit and what kind of information they can obtain, information that should remain private.