Android App Danger : Thousands of Secret Keys Mean “Security Risk” In Your Android App
Reports have surfaced about Android apps that could be very troubling for many Android OS users. Thousand of secret keys have reportedly been found in Android apps that can mean a security risk for those who use the apps. Since apps posted and sold in the Google Play Store do not require any review, no one can be certain if the apps being bought and downloaded are secure or risk-free.
Google has downplayed this risk, ever since the Google Play Store went online, and many Android users feel that the risk is worth getting so many wonderful apps for their Android devices. Still, concerns about Android security always crop up now and then, especially if there have been reports of hacking, and other illegal activities that point to certain Android apps, as the culprit.
This concern is what prompted a team of researchers from Columbia University, to explore the vulnerability and security issues in Android apps. Jason Nieh, a computer science professor, and Nicholas Viennot, a PhD candidate at the university, analyzed over 880, 000 apps in the Google Play Store, and their findings were a bit troubling.
Nieh and Viennot managed to decompile such a massive amount of apps (from the existing 1.1 Million apps in the google Play Store) by using a scalable tool called PlayDrone.
PlayDrone was specially designed for such a task, and it enabled the team to use ?hacking techniques? in order to go around the security protocols implemented by Google, download the Android apps, and analyze their sources and content.
Nieh and Viennot discovered that the app developers ?often? store secret keys in the app software, just like a ?username and password? key, which ?can be used? to steal the data of the user and other information from online accounts like Facebook and Amazon.
These ?secret keys? are not only employed by small ? suspicious? developers, but even by recognized ?Top Developers? that Google Play recommends.
As of this writing, Google has not released any statement about this report, but we can be pretty sure that they will be implementing some drastic solutions in the next few days, to maintain the integrity and security of the Android OS and the Google Play Store.
Do check out our previous reports on Android Security risks and solutions at:
Image Source: Columbia University