Android apps with 250M downloads still vulnerable to patched bug

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Android apps with over 250 million downloads are still susceptible to a severe vulnerability in a Google library that was patched in August 2020.
In August, mobile app security company Oversecured discovered a vulnerability in the Google Play Core Library that allowed malicious applications to execute code in legitimate apps.
Researchers from Check Point Research have discovered that there are still apps with millions of installs using the vulnerable library over three months later.
"Since the publication of this vulnerability, we started monitoring vulnerable applications [...] " Check Point Research stated in their report.
Below is a list of some of the vulnerable applications discovered by Check Point. As you can see, all of these apps have at least 1 million downloads, with one as high as 100 million downloads.
App NameVersionDownload Count
Aloha2.23.01,000,000
Walla! Sports1.8.3.1100,000
XRecorder1.4.0.3100,000,000
Moovit5.56.0.45950,000,000
Hamal2.2.2.11,000,000
IndiaMART12.7.410,000,000
Edge45.09.4.508310,000,000
Grindr6.32.010,000,000
Yango Pro (Taximeter)9.565,000,000
PowerDirector7.5.050,000,000
OkCupid47.0.010,000,000
Teams40.10.1.2741,000,000
Bumble5.195.110,000,000
 

SeriousHoax

Level 47
Well-known
Mar 16, 2019
3,630

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
Edge on Android receives security updates occasionally even though the base is outdated.
Hopefully next year things will be better for Edge on Android:
EDIT: I hope we will get a decent changelog like for Edge on Windows, because now we just don't know if this is fixed.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top