Android Bug Could Allow Malicious Apps To Steal User Data From Other Apps


Once again, Android is in the news for an unwelcome reason. A researcher has discovered a serious bug in the Android platform that could allow malicious apps to steal users’ sensitive data from other apps. Fortunately, a fix is now in place.

Android Bug Allowing To Steal Data From Apps

Sergey Toshin, a security researcher and the founder of app security firm Oversecured, found a serious vulnerability affecting Android. He shared the details of his findings with TechCrunch, which disclosed the matter.

As revealed, the researcher found a bug in the Android OS that could help malicious apps exfiltrate user data. Such apps could exploit the bug to steal sensitive data from other apps running on the target device.

Specifically, the bug existed in the Play Core library, which lets app developers roll out updates to their apps.

Hence, all apps relying on this component for updates were potentially vulnerable. A malicious app could exploit this component to inject malicious modules into other apps and steal data.

As a proof of concept, the researcher created a test app that could successfully steal data, including passwords, browsing history, and login cookies.

Google Patched The Bug

According to the researcher, this bug potentially affected ‘some of the most popular apps’ on Play Store.

The vulnerability, CVE-2020-8913, specifically affects the SplitCompat.install endpoint in the Play Core Library. It carries a high-severity rating with a CVSS score of 8.8. According to the vulnerability description:

A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a directory traversal, execute code as the targeted application and access the targeted application’s data on the Android device.

Following the discovery of the vulnerability, Google worked on a fix.

Consequently, they patched the bug with the release of Play Core Library version 1.7.2 in March 2020.

The researcher urges all app developers to update their applications with the latest Play Core library version to stay protected.
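For developers acting on that advice, the following added example (not code from the researcher, Google, or the original article) audits a Gradle build file for a Play Core dependency older than the fixed 1.7.2 release. It assumes the library is declared under its published Maven coordinates, com.google.android.play:core; the sample build file is constructed for illustration.

```python
import re

FIXED = (1, 7, 2)  # fixed Play Core Library release named in the article

# String notation: 'com.google.android.play:core:1.6.4' (Groovy or Kotlin DSL)
STRING_RE = re.compile(r"""["']com\.google\.android\.play:core:([^"'@\s]+)""")
# Map notation: group: '...', name: 'core', version: '1.6.4'
MAP_RE = re.compile(
    r"""group:\s*["']com\.google\.android\.play["'],\s*"""
    r"""name:\s*["']core["'],\s*version:\s*["']([^"']+)["']""")

def parse_version(text):
    """Return a 3-tuple of ints, or None for dynamic or variable versions."""
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        return None  # e.g. '1.6.+' or '${playCoreVersion}'
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def audit_gradle(text):
    """Return (line_no, declared_version, status) per Play Core dependency."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # ignore commented-out declarations
        m = STRING_RE.search(line) or MAP_RE.search(line)
        if not m:
            continue
        version = parse_version(m.group(1))
        if version is None:
            status = "unresolved"  # needs manual review of the resolved value
        else:
            status = "vulnerable" if version < FIXED else "patched"
        findings.append((no, m.group(1), status))
    return findings

# Constructed sample build.gradle content, not taken from any real project.
SAMPLE = """\
dependencies {
    implementation 'com.google.android.play:core:1.6.4'
    // implementation 'com.google.android.play:core:1.5.0'
    implementation("com.google.android.play:core:1.7.2")
    implementation "com.google.android.play:core:${playCoreVersion}"
    implementation group: 'com.google.android.play', name: 'core', version: '1.7.1'
}
"""

if __name__ == "__main__":
    for line_no, declared, status in audit_gradle(SAMPLE):
        print(f"line {line_no}: {declared} -> {status}")
```

The script only reads declared versions, so a copy of the library pulled in transitively by another dependency or bundled by a third-party SDK still has to be checked in the resolved dependency tree.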


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]news.com
