PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps – The Hacker News

google android hacks

Google’s Android Mobile operating system for smartphones and tablets have Google’s own Play Store that provides its Android users the most visible way to access the world of millions of apps.

App developers produce more than thousands of applications each year, but majority of newbie and unprofessional developers use unsafe, unreliable, and insecure coding practices, as many developers store secret keys in their apps that could potentially allow cybercriminals to steal users’ sensitive data.

A team of researchers from the computer science department of the Columbia University have discovered a critical security problem in the Google’s official Android app store from where millions of Android users download various apps.

Researchers have found that most of the Android application developers often store their secret keys in their app’s code, similar to usernames/passwords information, which could be then used by any bad actor to maliciously steal users’ information or resources from the service providers such as Amazon and Facebook.

These vulnerabilities in the implementation of the Android applications can affect users even if they are not actively using the Android apps. Even "Top Developers" designated by the Google Play team as the best developers on Google Play, included these vulnerabilities in their apps, according to the researchers.

Google play store contains millions of apps, including free and paid apps, and over 50 billion app downloads.

“But no one reviews what gets put into Google Play—anyone can get a $25 account and upload whatever they want. Very little is known about what’s there at an aggregate level," said Jason Nieh, professor of computer science at New York-based Columbia Engineering.

Researchers built and make use of a tool called PlayDrone, the first scalable Google Play store crawler tool that uses various hacking techniques to deceive the security measures that Google uses to prevent indexing of its Google Play store content. One can successfully download Google Play store content and recover their sources. (Slides) (Download PlayDrone)

via PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps – The Hacker News.


One Comment to “PlayDrone Reveals Secret Keys from Thousands of Play Store Android Apps – The Hacker News”

  1. Daniel Popec says:

    You could certainly see your expertise within the paintings you write. The arena hopes for more passionate writers such as you who aren’t afraid to say how they believe. Always go after your heart. “A simple fact that is hard to learn is that the time to save money is when you have some.” by Joe Moore.

Leave a Reply