X

Google's Widespread Android App Was A Security Risk… Until Recently

Privacy Cyber Security AH Nov AH 2019
Advertisement
Advertisement

According to a new report by Oversecured’s Sergey Toshin, Google’s popular Android app was a security risk, until recently. This app has over 5 billion downloads, and it has been patched following the researcher’s report.

Google’s well-known Android was was a serious security risk, but it’s patched up now

The app in question is called ‘Google’, which you’ll find on pretty much every Android phone with Google services. That is one of the reasons why it has so many installs, actually.

Now, this app was vulnerable as it allowed attackers to obtain sensitive data from the device it’s installed on. That data could have been obtained from Gmail messages, search history, and so on.

Advertisement

The source claims that you should definitely install the latest version of the app, as the issue has been solved.

The researcher said that he combined three different vulnerabilities in order to take advantage of the issue. He says that it was possible to add malicious code to the Google Play Core library, which is used by the ‘Google’ app.

When that malware was accessed by the Google app, it could steal data and do more serious damage. What’s even worse, in order for the attack to be successful, the app required to be launched only once. Removing the app wouldn’t do much good either, if the attack took place.

Advertisement

The attack could happen without alerting the user

In theory, the attack could happen without the user even knowing about it. The vulnerability would enable the attacker to read your messages, access call history, make and receive calls, get your location, and much more.

Now, Mr. Toshin also noted that he found a similar issue in TikTok’s app for Android last year. That issue has been fixed as well, as he never releases such information before the issue is fixed.

The researcher told Forbes that he was awarded for his work by Google. He said that Google gave him a $5,000 bug bounty for discovering the problem. The issue was patched in May, so as long as your Google app is up to date, you don’t have anything to worry about.

Advertisement