Category: Google|Apr 15, 2020 | Author: Admin

A Study of the top 150,000 Android Apps Reveals 12,706 to Contain a Variety of Backdoors

Share on

A Study of the top 150,000 Android Apps Reveals 12,706 to Contain a Variety of Backdoors

Once again, numerous Android apps with suspicious behavior have surfaced online.

Once again, numerous Android apps with suspicious behavior have surfaced online. According to researchers, thousands of these Android apps on app stores (including Play Store) contain backdoors. Whereas, numerous others contain blacklist secrets. Android Apps With Backdoors Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security have conducted a detailed analysis of various mobile apps. According to the detailed shared in their research paper, thousands of Android apps exist online that contain backdoors.

In brief, they developed a tool named “InputScope” to unveil vulnerabilities and hidden behaviors of mobile applications. The tool analyzes the apps’ input validation behavior to uncover these hidden traits. Using this tool the researchers analyzed 150,000 Android apps from various app stores. These included the top 100,000 apps from Google Play Store, top 20,000 apps from an outside app store, and 30,000 pre-installed Samsung apps. They then found thousands of these Android apps to have backdoors.

We identified 12,706 apps containing a variety of backdoors such as secret access keys, master passwords, and secret commands that can allow users to access admin-only functions or attackers to gain unauthorized access to users’ accounts. Also, our analysis discovered 4,028 apps validating user input against blacklisted words of different categories such as insults, racial discrimination, political leader names, and mass incidents.

Responsible Disclosure After completing their study, the researchers followed responsible disclosure. They contacted all app developers to inform them of the flaws via their contact details available. For unpatched apps, the researchers preferred to keep their names hidden until the developers issue the fixes. Though, some of these apps have patched the flaws, for which the researchers disclosed the package names There is still a  huge number of apps exhibiting such dubious behaviors with a large number of these being unpatched which continue to pose a threat to Android users.

Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Microsoft says having a TPM is "non-negotiable" for Windows 11

Category: Microsoft|Dec 5, 2024 | Author: Admin

Japan warns of IO-Data zero-day router flaws exploited in attacks

Category: IT|Dec 4, 2024 | Author: Admin

Korea arrests CEO for adding DDoS feature to satellite receivers

Category: IT|Dec 3, 2024 | Author: Admin

Google Chrome’s AI feature lets you quickly check website trustworthiness

Category: Google|Dec 2, 2024 | Author: Admin

Novel phising campaign uses corrupted Word documents to evade security

Category: IT|Dec 1, 2024 | Author: Admin

SpyLoan Android malware on Google play installed 8 million times

Category: Google|Nov 30, 2024 | Author: Admin

New Windows Server 2012 zero-day gets free, unofficial patches

Category: Microsoft|Nov 29, 2024 | Author: Admin

Microsoft re-releases Exchange updates after fixing mail delivery

Category: Microsoft|Nov 28, 2024 | Author: Admin

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours

Category: IT|Nov 27, 2024 | Author: Admin

Hackers exploit critical bug in Array Networks SSL VPN products

Category: IT|Nov 26, 2024 | Author: Admin

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint

Category: Microsoft|Nov 25, 2024 | Author: Admin

Meta removes over 2 million accounts pushing pig butchering scams

Category: IT|Nov 24, 2024 | Author: Admin

Hackers abuse Avast anti-rootkit driver to disable defenses

Category: IT|Nov 23, 2024 | Author: Admin

Windows 11 KB5046740 update released with 14 changes and fixes

Category: Microsoft|Nov 22, 2024 | Author: Admin

Fortinet VPN design flaw hides successful brute-force attacks

Category: IT|Nov 21, 2024 | Author: Admin
more