Play Store: these 13 apps downloaded 250 million times have a serious security flaw.

 

 

A list of 13 Android applications available on the Google Play Store suffer from a serious security flaw. Despite the patch deployed by Google in April, some applications are still vulnerable. By exploiting the breach, hackers can take over your smartphone's data without difficulty.
Last April, Google discovered a security hole in the Google Play Core Library, the system that allows users to interact with Google Play services directly from an application. Engineers at the Mountain View firm quickly corrected the breach.

Many applications in the Play Store rely on the Google Play Core Library. These include Google Chrome, Facebook, Instagram, WhatsApp, SnapChat, Booking and Microsoft Edge. Google has asked developers of these applications to add the patch to their code. Concretely, each developer must retrieve the latest version of the library and insert it into the application. Most developers quickly complied.

These 13 Android applications put your smartphone at risk 

According to a survey conducted by Checkpoint, not all applications in the Play Store have yet been updated with the patch. As of last September, 8% of applications using the Play Core Library were still relying on a defective version, putting their users at great risk. Among the affected applications are several popular names, such as Grindr, OkCupid or Teams. Some of the applications have been downloaded by 100 million Internet users. In total, they accumulate 250 million downloads. Here's the list of Checkpoint's downloads:

    Aloha
    Walla! Sports
    XRecorder
    Moovit
    Hamal
    IndiaMART
    Edge
    Grindr
    Yango Pro (Taximeter)
    OkCupid
    PowerDirector
    Teams
    Bumble

CheckPoint has contacted the developers of the affected applications to ask them to update the Google Play Core Library with the April 2020 patch. Applications such as Booking and Viber quickly corrected the situation. According to CheckPoint researchers, the security flaw makes it easy for an attacker to recover smartphone data using spyware. Once installed, the virus is able to siphon off data without the victims' knowledge, as well as take over web browser cookies, simply by exploiting the vulnerability.