Researchers Claim Popular Android Apps Inherit Bugs, Poor Security Due To Reused Code

Google's Android OS has received its fair share of flak over the past couple of years for its security issues, but sometimes it's not the company or its OS that's at fault: it's the third-party developers. Proof of that can be seen in the results of a recent study conducted by Codenomicon, the same firm that discovered the major "Heartbleed" OpenSSL vulnerability that came to a head this past April.

After evaluating the top 50 apps on Google's Play Store, the researchers found that many do not play by the rules most users would set. For example, one in ten of these apps sends the device's IMEI or location data to a third party, and one in ten connects to more than two ad networks. Close to half of the 50 apps checked send the user ID to third-party advertising networks. A bit absurd, isn't it?


Android's OS security can only go so far...

A major problem with these apps is that many of them reuse code libraries that contain blocks of code capable of harvesting user information. Reusing code is common practice for developers, because there's no reason to reinvent the wheel. But in doing so, vulnerabilities get overlooked - vulnerabilities which, the researchers note, could easily be discovered by running the app in a sandbox and observing what it actually does.

What's more concerning is that some developers might include this code on purpose, because the information it procures - and then presumably sells on to ad networks - can benefit them greatly. Also worrying are the people or companies who commission others to build an app for them: they have no easy way to verify that the app they paid for doesn't suffer from these kinds of flaws.

As big a problem as this is, the solution is simple - as long as the developer is honest. As mentioned above, sandboxing is the best way to verify that an app is only doing what it's supposed to do. Google could test each app itself, but that's virtually impossible given the number of apps - and their individual updates - that hit the store. More and more, it seems that anti-malware and other security apps are not so useless on mobile platforms after all.
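To make the sandboxing point above concrete, here is an added example (not code from the article or from Codenomicon) of the kind of check a sandbox run feeds: the device is provisioned with a known IMEI and location, the app's outbound HTTP requests are captured, and every request to a host outside the app's own domain is inspected for that IMEI (raw or hashed, since ad SDKs often send a digest of it) or for coordinates matching the device position. The IMEI, coordinates, first-party domain and captured requests are all constructed for the example; the ad-network hostnames are hypothetical.

```python
import hashlib
from urllib.parse import urlsplit, parse_qs

# Identifiers the sandboxed device was provisioned with (hypothetical values).
DEVICE_IMEI = "490154203237518"
DEVICE_LAT, DEVICE_LON = 48.8566, 2.3522

# Domain the app legitimately talks to (hypothetical first-party domain).
FIRST_PARTY = {"example-app.com"}

# Constructed sandbox capture: (method, url, body) for each outbound request.
CAPTURE = [
    ("GET", "https://api.example-app.com/v1/sync?user=42", ""),
    ("POST", "https://track.adnet-one.test/collect",
     "imei=490154203237518&app=com.example.app"),
    ("GET", "https://ads.adnet-two.test/req?did="
     + hashlib.md5(DEVICE_IMEI.encode()).hexdigest(), ""),
    ("POST", "https://geo.adnet-three.test/ping", "lat=48.857&lon=2.352"),
    ("GET", "https://cdn.example-app.com/assets/logo.png", ""),
]

LOCATION_KEYS = {"lat", "latitude", "lon", "lng", "longitude"}


def identifier_fingerprints(imei):
    """Raw IMEI plus the hashed forms ad SDKs commonly substitute for it."""
    raw = imei.encode()
    return {
        "imei": imei,
        "imei_md5": hashlib.md5(raw).hexdigest(),
        "imei_sha1": hashlib.sha1(raw).hexdigest(),
        "imei_sha256": hashlib.sha256(raw).hexdigest(),
    }


def is_first_party(host, first_party):
    """True if host is one of the app's own domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in first_party)


def request_params(url, body):
    """Merge query-string and form-encoded body parameters of one request."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    if body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return parts.hostname, params


def near(value, target, tol=0.01):
    """Coordinate match with a tolerance, since SDKs round or truncate."""
    try:
        return abs(float(value) - target) <= tol
    except ValueError:
        return False


def find_leaks(capture, imei, lat, lon, first_party):
    """Return (host, [what leaked]) for each third-party request carrying
    the device IMEI (raw or hashed) or the device's location."""
    fingerprints = identifier_fingerprints(imei)
    findings = []
    for _method, url, body in capture:
        host, params = request_params(url, body)
        if is_first_party(host, first_party):
            continue
        blob = (url + "\n" + body).lower()
        leaked = [name for name, fp in fingerprints.items() if fp.lower() in blob]
        coords = [v for k, vs in params.items()
                  if k.lower() in LOCATION_KEYS for v in vs]
        if any(near(v, lat) for v in coords) and any(near(v, lon) for v in coords):
            leaked.append("location")
        if leaked:
            findings.append((host, sorted(leaked)))
    return findings


def third_party_hosts(capture, first_party):
    """Distinct non-first-party hosts contacted; a proxy for 'how many
    ad networks does this app talk to'."""
    hosts = {urlsplit(url).hostname for _m, url, _b in capture}
    return sorted(h for h in hosts if not is_first_party(h, first_party))


if __name__ == "__main__":
    for host, what in find_leaks(CAPTURE, DEVICE_IMEI, DEVICE_LAT, DEVICE_LON, FIRST_PARTY):
        print(f"{host}: {', '.join(what)}")
    print("third-party hosts contacted:", third_party_hosts(CAPTURE, FIRST_PARTY))
```

Because the check is on observed traffic rather than on the app's source, it catches leaks that come from a bundled third-party library just as well as ones the developer wrote deliberately, which is exactly the case the study describes; the limitation is that it only sees what the app did during the sandbox run, so an SDK that reports only after some delay or only on certain triggers needs a longer or more varied run to show up.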