"We have been working closely with Google, Amazon, Facebook and other service providers to identify and notify customers at risk, and make the Google Play store a safer place, informed Nicolas Viennot, a research student at Columbia Engineering."
New York, June 19 - Using a new tool called PlayDrone, researchers at Columbia Engineering have discovered a crucial security problem in Google Play - the official Android app store where millions of Android users get their apps.

They found that developers often store their secret keys in their app's code, similar to usernames/passwords info.

These can be then used by anyone to maliciously steal user data or resources from service providers such as Amazon and Facebook.

These vulnerabilities can affect users even if they are not actively running the Android apps.

Google Play has more than one million apps and over 50 billion app downloads.

But no one reviews what gets put into Google Play, anyone can get a $25 (Rs.1,475) account and upload whatever they want. Very little is known about what's there at an aggregate level, said Jason Nieh, professor of computer science at New York-based Columbia Engineering.

To unlock this, researchers developed PlayDrone, a tool that uses various hacking techniques to circumvent Google security to successfully download Google Play apps and recover their sources.

PlayDrone scales by simply adding more servers and is fast enough to crawl Google Play on a daily basis, downloading more than 1.1 million Android apps and decompiling over 880,000 free applications.

We have been working closely with Google, Amazon, Facebook and other service providers to identify and notify customers at risk, and make the Google Play store a safer place, informed Nicolas Viennot, a research student at Columbia Engineering.

Google is now using our techniques to proactively scan apps for these problems to prevent this from happening again in the future, he added in a paper presented at the ACM SIGMETRICS conference.


comments powered by Disqus
Read more on:
 

PERMALINK

http://www.nerve.in/news:2535002382307
You can quote the permanent link above for a direct link to the story. We do not archive or expire our news stories.


STORY OPTIONS
  Email this story to a friend
  XML feed for Americas


 
COPYRIGHTS INFORMATION
All rights reserved for news content. Reproduction, storage or redistribution of Nerve content and articles in any medium is strictly prohibited.
Contact Nerve Staff for any feedback, corrections and omissions in news stories.
 

All rights reserved for the news content. Reproduction, storage or redistribution of Nerve content and articles in any medium is strictly prohibited.