Play Store: these 13 apps downloaded 250 million times have a serious security breach

A list of 13 Android apps available on the Google Play Store suffer from a serious security flaw. Despite the patch rolled out by Google in April, some apps are still vulnerable. By exploiting the breach, hackers can grab your smartphone data without difficulty.

Google play store

Last April, Google discovered a security breach in the Google Play Core Library, the system that allows you to interact with Google Play services directly from an application. Quickly, engineers from the Mountain View firm corrected the breach.

Many Play Store apps rely on the Google Play Core Library. This is notably the case of Google Chrome, Facebook, Instagram, WhatsApp, SnapChat, Booking and Microsoft Edge. Google has asked the developers of the affected applications toadd the patch to their code. Concretely, each developer must retrieve the latest version of the library and insert it into the application. Most of the developers quickly complied.

Related: Google Removes Three Popular Android Apps That Collect Too Much Data About Children

These 13 Android apps put your smartphone at risk

According to a survey by Checkpoint, not all Play Store apps have been updated with the patch yet. Last September, 8% of apps that use the Play Core Library were still relying on a failed version, putting their users at great risk. Among the affected applications are several popular names, such as Grindr, OkCupid or Teams. Some of the applications have been downloaded by 100 million Internet users. In total, they have accumulated 250 million downloads. Here is the list posted by Checkpoint:

  1. Aloha
  2. Walla! Sports
  3. XRecorder
  4. Moovit
  5. Hamal
  6. IndiaMART
  7. Edge
  8. Grindr
  9. Yango Pro (Taximeter)
  10. OkCupid
  11. PowerDirector
  12. Teams
  13. Bumble

CheckPoint has contacted the developers of the affected applications to ask them to update the Google Play Core Library with the April 2020 patch. Applications like Booking and Viber quickly corrected the situation. According to researchers at CheckPoint, the security breach easily allows an attacker to recover data from a smartphone using spyware. Once installed, the virus is indeed capable of siphoning data without the victims’ knowledge, as well as grabbing cookies from the web browser, quite simply by exploiting the flaw.

Source: CheckPoint