Date: 2017-06-22

Study: Vault Apps Do Not Properly Secure Images Or Videos

A new study released by the BT has detailed the major security flaws of vault apps. Vault apps are applications that device owners use to protect images and videos from hackers. However, the study revealed that this trust is somewhat misplaced, as some vault applications are actually quite easy to hack. Once an app is hacked, people with malicious intent may retrieve the images from the device and bypass the supposed protection given by the vault application. Some of the key concerns raised by the security researchers from the BT regarding vault applications include what kind of protection vault apps give to both the images and sensitive login information, whether the backup settings of these applications allow the data to be retrieved from the device, whether certain activities may bypass the authentication screen, and whether there is a risk of sensitive information being leaked.

The study focused on ten vault apps, almost all of which have been installed on more than a million devices. After downloading the applications, the researchers placed user files and data under the protection of the vault apps and then checked the protection that was given to the images and other sensitive information. The researchers found that some of the applications did not provide any real protection to the images and that some of the apps' login information is stored in text format. In addition, the apps' sensitive files are placed in the same directories across all devices, making it substantially easier to retrieve the images. Moreover, all applications tested have security flaws that may lead to the leakage of sensitive information such as the email account used for recovery, security questions, and pattern hash.

Given the popularity of these vault applications, many users are at risk of having their sensitive information and images retrieved from their devices. Security researchers stated that it only takes one malicious application, which could take the form of an innocent game or game manual app, to retrieve the images and send them to the attacker's server. While Google Play Store's Bouncer code provides the first line of protection against malware applications, there have been instances in which rogue apps circumvented Google's security features. Hence, it is beneficial for users to be extra vigilant in order to prevent instances of blackmail resulting from the retrieved images.