Many popular Android and iOS mobile apps with millions of users had critical vulnerabilities that could be exploited to compromise sensitive user data.
A report by cybersecurity researchers at Symantec found that the problem is simply that software developers aren’t paying enough attention on the job.
Researchers discovered eight apps available through Google Play and the App Store that contained hard-coded, unencrypted credentials for cloud services. Those services stored the sensitive information of the apps' users, so in theory, a malicious attacker who obtained the binaries or source code of these apps could easily exfiltrate people's information and use it to cause harm.
On Android, the apps include The Pic Stitch (a collage editing app for Android with over 5 million users), Meru Cabs (a taxi hailing app with over 5 million users), Sulekha Business-List & Give (a collage editing app with over 5 million users), ReSound Tinnitus Relief (500,000 users), Saludsa (over 100,000 users), Chola Ms Break In (100,000 users), EatSleepRIDE Motorcycle GPS (100,000 users), and Beltone Tinnitus Calmer (100,000 users).
Although Apple doesn't publish download numbers for iOS apps, App Store ratings counts give at least a rough indication of how widely an app is used. The iOS apps include Crumbl (a dessert ordering app with 4.3 million ratings), Eureka (a survey app with over 400,000 ratings), Videoshop (350,000 ratings), Solitaire Clash: Win Real Cash (240,000 ratings), and Zap Surveys: Earn money easily (235,000 ratings).
There’s not much the end user can do here, as this is an issue with the app itself and one that can be easily fixed by the developer. Still, Symantec recommends installing an antivirus program and only downloading apps from trusted sources (well, Google Play Store, Apple Store, etc.).
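For developers, one way to catch this class of flaw before release is to scan the built package for credential-shaped strings. The following is an added example, not code from Symantec's report or from this article; the rule set, function names, and sample archive contents are assumptions constructed for illustration, since the article does not say which cloud providers or key formats were involved.

```python
import io
import re
import zipfile

# Illustrative rules only: the article does not name a provider or key format.
RULES = {
    # AWS access key IDs: "AKIA"/"ASIA" followed by 16 upper-case alphanumerics.
    "aws-access-key-id": re.compile(
        rb"(?<![0-9A-Z])(?:AKIA|ASIA)[0-9A-Z]{16}(?![0-9A-Z])"),
    # A long quoted token assigned to a name containing secret/apikey/password.
    "secret-assignment": re.compile(
        rb"(?i)(?:secret|api_?key|password)\w*\"?\s*[:=]\s*\"([A-Za-z0-9/+_=-]{20,})\""),
}


def redact(value: bytes) -> str:
    """Keep only a short prefix so the report itself does not leak the secret."""
    return value[:4].decode("ascii", "replace") + "*" * (len(value) - 4)


def scan_package(package) -> list[tuple[str, str, str]]:
    """Scan each member of an APK/IPA (both are ZIP archives); takes a path or file object."""
    findings = set()
    with zipfile.ZipFile(package) as archive:
        for info in archive.infolist():
            data = archive.read(info)  # raw bytes, so compiled code is covered too
            for rule, pattern in RULES.items():
                for match in pattern.finditer(data):
                    secret = match.group(match.lastindex or 0)
                    findings.add((info.filename, rule, redact(secret)))
    return sorted(findings)


def build_sample_package() -> io.BytesIO:
    """Constructed sample archive; the key and secret below are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("res/values/strings.xml",
                         '<string name="k">AKIAEXAMPLEKEY000000</string>')
        archive.writestr("assets/config.json",
                         '{"bucket": "demo", "api_secret": "c29tZS1jb25zdHJ1Y3RlZC12YWx1ZQ=="}')
        archive.writestr("assets/readme.txt", "nothing sensitive here")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, rule, preview in scan_package(build_sample_package()):
        print(f"{member}: {rule}: {preview}")
```

Run in a release pipeline, a non-empty result from `scan_package` would fail the build, so the credential is moved server-side or behind short-lived, scoped tokens before the app ships.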
Via: The Register