Android App Danger : Thousands of Secret Keys Mean ‘Security Risk’ In Your Android App

By on

Android App Danger : Thousands of Secret Keys Mean “Security Risk” In Your Android App

Reports have surfaced about Android apps that could be very troubling for many Android OS users. Thousand of secret keys have reportedly been found in Android apps that can mean a security risk for those who use the apps. Since apps posted and sold in the Google Play Store do not require any review, no one can be certain if the apps being bought and downloaded are secure or risk-free.

Google has downplayed this risk, ever since the Google Play Store went online, and many Android users feel that the risk is worth getting so many wonderful apps for their Android devices. Still, concerns about Android security always crop up now and then, especially if there have been reports of hacking, and other illegal activities that point to certain Android apps, as the culprit.

This concern is what prompted a team of researchers from Columbia University, to explore the vulnerability and security issues in Android apps. Jason Nieh, a computer science professor, and Nicholas Viennot, a PhD candidate at the university, analyzed over 880, 000 apps in the Google Play Store, and their findings were a bit troubling.

Nieh and Viennot managed to decompile such a massive amount of apps (from the existing 1.1 Million apps in the google Play Store) by using a scalable tool called PlayDrone.

PlayDrone was specially designed for such a task, and it enabled the team to use ?hacking techniques? in order to go around the security protocols implemented by Google, download the Android apps, and analyze their sources and content.

Nieh and Viennot discovered that the app developers ?often? store secret keys in the app software, just like a ?username and password? key, which ?can be used? to steal the data of the user and other information from online accounts like Facebook and Amazon.

These ?secret keys? are not only employed by small ? suspicious? developers, but even by recognized ?Top Developers? that Google Play recommends.

As of this writing, Google has not released any statement about this report, but we can be pretty sure that they will be implementing some drastic solutions in the next few days, to maintain the integrity and security of the Android OS and the Google Play Store.

Do check out our previous reports on Android Security risks and solutions at:

Opera Browser Update For Android Arrives, Brings In Tab Swipe Features, Security Fix, and More

Android 4.4.3 KitKat for Nexus 5: Major Bug Fixes for Camera, Wi-Fi, Email Sync, Random Boot and Security

Image Source: Columbia University

About the author

To Top