Amazon Shutting Down Free App Store
- Author: Carolyn Briggs May 04, 2017,
May 04, 2017, 16:20
In today's episode of "Android security bad", researchers at the University of MI have uncovered over 400 apps now hosted in Google Play - some with tens of millions of installs - that are susceptible to open port malware attacks and data theft.
"From OPAnalyzer output, we uncover 410 vulnerable applications with 956 potential exploits in total, and manually confirm 57 vulnerable apps that have not been previously reported, including popular ones on the market and even a pre-installed app on some device models". Out of these, 1632 created open ports to connect to PCs and 410 apps were low on security.
This feature of the Play Store, which enables you to easily run parts of an Android app directly from search results without having to install the complete package, has been in the works for quite a long time.
Open port backdoors could be exploited to steal private information such as contacts, security credentials and photos; to remotely control a device; to perform a denial of service attack; or to inject malicious code that could jumpstart widespread, virus-like attacks, the researchers say. The researchers didn't give out any names of the apps vulnerable to this attack, but said that it has already informed developers about it. That includes minimizing the number of apps installed on company-certified BYOD devices.
The old adage that less is more is true when it comes to mobile devices: The less you have on them the more secure you are. Besides this, an attacker must have the IP address of the vulnerable device, exposed over the Internet.
Also, if you've ever explored the Play Store, you'd know that Google provides you with an option to toggle the addition of apps to the home screen automatically after installation. A phone, tablet, or Chromebook is deemed useless if it can not run Android apps. Now, we are nearing the next I/O developer conference and this Instant Apps feature also seems to be taking shape.
The app store was launched in 2015 and allowed users to do download apps for free, while app developers continued to get their 70 percent of revenue share. Security teams need to force BYOD devices to conform to certain software standards, unnecessarily open firewall ports need to be closed, and employees need to be briefed on good device security practices.