08-29-2020 , 02:45 AM
https://techcrunch.com/2020/08/28/androi...apps-data/ Android security bug let malicious apps siphon off private user data
Zack Whittaker@zackwhittaker / 11:00 am ADT•August 28, 2020 A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.
App security startup Oversecured found the flaw in Google’s widely used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.
A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.
Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”
Zack Whittaker@zackwhittaker / 11:00 am ADT•August 28, 2020 A security vulnerability in Android could have allowed malicious apps to siphon off sensitive data from other apps on the same device.
App security startup Oversecured found the flaw in Google’s widely used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps, like language packs or game levels.
A malicious app on the same Android device could exploit the vulnerability by injecting malicious modules into other apps that rely on the library to steal private information, like passwords and credit card numbers, from inside the app.
Sergey Toshin, founder of Oversecured, told TechCrunch that exploiting the bug was “pretty easy.”