Researchers from Georgia Institute of Technology and the Ohio State University have found over 1600 vulnerabilities in the support ecosystem in over 5000 free apps available on?Google's Play Store.
Reuters
These vulnerabilities were spotted in the backend systems that provide content and advertising to smartphone apps with the help of cloud-based servers.
These vulnerabilities, gives access to hackers to breach into databases where personal information exists. This can include memory on a user's device, as per the study which is going to be presented at the 2019 USENIX Security Symposium in the US on August 15, 2019.
Brendan Saltaformaggio, Assistant Professor in Georgia Tech's School of Electrical and Computer Engineering says, "These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack," He further added, "It's a whole new question whether or not they can jump from the server to a user's device, but our preliminary research on that is very concerning."
The researchers have unraveled 983 cases of known vulnerabilities and around 655 instances of zero-day vulnerabilities that spans across the software layers (including software services, operating systems, web applications and communications modules) of the applications.
What's worse is that while the researchers have only looked upon applications in the Google Play Store, similar vulnerabilities could exist in apps on iOS or Apple App Store too.
In order to aid developers to strengthen the security of their mobile apps, the researchers have formed an automated system dubbed SkyWalker to scrutinise the cloud servers as well as software library systems.
Reuters
SkyWalker is capable of analysing the security of the servers supporting mobile apps, which are often controlled by Cloud hosting services instead of individual app developers.
Every other day we witness reports revealing the lax in scrutiny on apps loaded on the Google Play Store. Recently a finding by ESET Malware Researcher Lukas Stefanko revealed that Google Play Store hosted 205 harmful apps in the month of July, 2019. What's worse is that these apps were downloaded over 32 million times in the month of July itself.
We simply wonder when can we expect Play Store to take user privacy and security seriously.