Half of Most Popular Android apps Inherit Security Vulnerabilities From Reused Code

Half of Most Popular Android apps Inherit Security Vulnerabilities From Reused Code

It is all very nice and great to have the latest smart phone with premium features and of course, the Android platform driving it. After all, the many scores of apps on the Google Play Store and other repositories provide you with access to games and other utilities, virtually free of cost. With apps being added even as you read this, such availability of never ending stream of apps does make owning an Android smart phone or for that matter a Windows one a very exciting and tempting prospect.

What about security?

But have you ever thought about the security aspect and the threat these apps can pose? While we are very keen and careful about dealing with virus threats on our laptops and desktops, not much thinking goes into this when it comes to the mobile gadget and that is irrespective of its size.

Indeed, researchers who initially found out about the security vulnerability of Heartbleed, now have something more serious to share. They affirm that more than 50 of the more popular Android apps have had their security breached and the reason for that has been attributed to the constant recycling that software libraries undergo.

Heartbleed vulnerability exposed

The term ‘Heartbleed’ came into being after the OpenSSL flaw was discovered. This term will now be used more regularly to highlight and shame those developers who do not follow or impart rigorous security standards to their apps when they are being made. Codenomicon which does a study of apps and their security features found out that more than 50% of the popular 50 Android apps share the Android ID of their users to advertising networks freely and without taking prior permission of their users.

The study by Codenomicon further revealed that at least one out of ten apps even share the IMEI data of the user  to third parties and apps linked to more than a couple of ad networks also share the number of the user. All these are strong security violations. Thirty per cent of apps use plain text to transmit data and many more do not even take the trouble or precaution of encrypting data when they are transferring it.

Reused libraries, the crux of the issue

The Codenomicon chief of security Olli Jarva also revealed that since close to 85% of these mobile apps software consists of reused libraries, they are available as open source due to developers not wanting to put in money to use fresh libraries when they make these apps. Consequently, the finished product carries the vulnerabilities with it ranging from logic errors, to shoddy software design.

These inconsistencies often take long to be discovered and many of them are rectified through patches. But the cause for worry is the fact that developers are fully aware of this and seem to be intentionally sharing information for dollars they get from advertising networks. This compromise on security is certainly unacceptable and such developers have to be brought to book. The Heartbleed vulnerability expose has shaken the industry and has resulted in some of the companies coming forward with alerts and patches on a proactive basis.

Leave a Reply