The Google Play Store is the centerpiece of most Android users' digital world: the go-to portal for apps, games, movies, books, music, and other content. But researchers have recently revealed that they have discovered a security flaw in the Play Store and, more importantly, that it affects most Android apps.
Professor Jason Nieh and PhD candidate Nicolas Viennot of Columbia University Computer Science created a tool called PlayDrone. Using this tool, they observed more than one million Android apps in Google Play on a daily basis. They also downloaded and decompiled over 1.1 million apps, including 880,000 free ones. In the process, they discovered the security flaw in the Google Play Store.
According to Nieh and Viennot, developers of third-party apps often log usernames and passwords for sites and networks ranging from Facebook to Amazon, and this information is retained even when an app is deleted. In other words, developers bundle secret keys that scan for personal data, and even after the user decides to wipe an app from his/her Android device, the personal info may still be at large.
The pair has said that this security flaw in the Play Store's infrastructure leaves users potentially vulnerable to having their passwords and personal credentials logged without any kind of explicit consent. Put simply, these vulnerabilities can affect users even if they are not actively running the Android apps.
The pair has published their research and has been awarded the prestigious Ken Sevcik Outstanding Student Paper Award at the ACM SIGMETRICS conference. In addition, Viennot has stated that Google is working with the researchers to prevent this type of problem from occurring in the future and has already started the process of informing developers about necessary changes.
Note that, in April, Google announced that it would soon begin continually scanning apps for malware even after installation to improve the overall security of apps and cut down on malware that makes it past the initial approval process for Google Play.