Open Port Exploits Found In Play Store Apps

May 3, 2017 - Written By Daniel Fuller

Researchers with the University of Michigan recently combed over the Play Store and found that over 400 apps from the sample they dredged up left network ports open and unsecured on the devices they were used on, leaving the door open for hackers to compromise those devices. They used a program called OPAnalyzer to hunt for open port exploits in a whopping 24,000 apps across various categories in the Play Store, then checked 57 of the positive results by hand. The apps that were found to be vulnerable included a number of widely popular apps with tens of thousands of downloads, with AirDroid being one of the more popular examples.

Apps from the likes of Baidu and Tencent were found to be vulnerable, among others. The researchers found that apps holding certain permissions were more likely to be vulnerable. Some of the permissions most often linked to vulnerabilities are also some of the most commonly requested by apps. These include things like the ability to write to external storage, location permissions, contacts access, and permission to use the camera. Protocols and APIs for things like data sharing, VoIP functionality, and proxy usage also tended to be linked to apps that featured the open port access vulnerability.

While the vulnerabilities that were found don’t seem to have been exploited by anybody at this point, the results shine a light on a glaring issue with the Play Store. The Play Store and its Verify Apps feature can detect malware, exploits, and other nastiness actually hidden inside apps, but they don’t actively seek out security holes in apps that could give hackers an open door to compromise users’ devices, insert malicious code into the apps themselves, or otherwise do things that aren’t supposed to be done with apps in the Play Store. It’s obviously not feasible to scan every single submitted app for every known exploit, given the massive number of both, so it becomes a question of what has to be accepted in order to keep the submission and listing systems flowing with minimal security risk, and the current approach is a fairly good compromise.