Leave a comment

Huge Google Play flaw exposes personal info

Google Play - Google's massive app store - has had its share of trouble over the years, and is still a place you need to be careful if you don't want to download a malicious app. Unfortunately, the latest problem that researchers found is a doozy.

Two researchers, Jason Nieh and Nicolas Viennot of Columbia Engineering, decided to do their own security check on Google Play. So they made a special app and uploaded it to the store.

Using the app, called PlayDrone, the researchers were able to get around Google Play's security and download 1.1 million apps at once. Amazingly, that's not the big problem in this story.

The problem was when they looked inside 880,000 of those apps. The researchers found that many app developers included their secret developer key in the code.

I won't go into the details of the cryptography, but the upshot is that a hacker could use the key to log in to the app developer's servers and pull private information - including information on other app users.

Oh, by the way, developers that did this include Facebook and Amazon.

Before you delete your Android apps, though, you should know that removing them won't change anything. The app developers already have your information, and they don't delete it right away when you remove an app.

Fortunately, Google has already let the offending app developers know about this problem so they can change their keys and update their apps with different ones. You might have seen a huge number of apps updating on your phone over the last few days.

So, the problem should be solved for now. Google is also going to use the researchers' method of scanning apps so it can find problems like this in the future.

You can't defend against every security threat on your own, but you can be sure you have the basics covered. Here are 7 essential steps to secure your smartphone - or tablet - that you need to know.

Next Story
Source: Phys.org
Drones now banned in all National Parks
Previous Happening Now

Drones now banned in all National Parks

Heartbleed: Half of affected servers are still wide-open
Next Happening Now

Heartbleed: Half of affected servers are still wide-open

View Comments ()