Android apps can be exploited to launch attacks


by CBR Staff Writer | 14 May 2014

TrendLabs found vulnerabilities in productivity and shopping apps.

Security researchers from TrendLabs have found vulnerabilities in some Android apps that could lead to attacks or leave user data at risk.

The researchers found vulnerabilities in two popular Android apps, a productivity app which clocked more than 10 million downloads and a shopping app which has been downloaded at least one million times.

Security firm Trend Micro said in a blog post that the issue lies in a certain Android component which executes functions of the app.

The shopping app shows a pop-up which, the researchers claim, can be triggered by other apps and abused.

A malicious app can display similar pop-ups to launch an attack that could lead users to malicious links or malicious apps, the researchers added.

In the unnamed productivity app, the content providers that handle critical information were protected by read and write permissions, which the researchers say can be exploited.

"This component has an attribute named "android:exported", which, when set to "true", allows this component to be executed or accessed by other applications. This means that apps installed within a device may be able to trigger certain functions in other apps."

"This has obvious convenient uses for developers and vendors who want to strike partnerships with apps by other vendors, but from a security standpoint, this also poses an opportunity for cybercriminals."

According to the security experts, the vulnerability can be exploited in different ways depending on the intent of the attacker and the nature of the vulnerable application.

The 'normal' protection level means all applications installed on the device are granted the two permissions as well.

In addition, in its Q1 Security Round Up, Trend Micro found a spike in mobile threats this quarter, with the number of mobile malware and high-risk apps reaching 2 million.

The report added that the explosion of repackaged apps, which have been maliciously tampered with to pass Android's security features, contributed to the huge growth in mobile malware.
