Several popular apps vulnerable to data theft due to Google Play bug

Several popular applications for Android are prone to bug in the Google Play Core section of the Android operating system. Misuse of the leak could lead to data theft.

Popular apps are vulnerable

A study by security researcher Check Point shows that several applications, several of which are very popular, are vulnerable to data theft. The reason for this is that a bug in the Google Play Core Library has not yet been fixed. Google itself addressed this vulnerability in April, but not all developers have already dealt with it. The vulnerability is identified as CVE-2020-8913.

According to Check Point, several developers have now resolved the leak. This includes Booking, Viber, Moovit and Grindr. However, Microsoft still would not have addressed the problem in the Edge browser for Android. That’s a bad thing, given the large number of users who have installed the app (more than 10 million installs). Until this is done, we recommend uninstalling this app from your phone.

The vulnerability allows malicious parties to add a piece of code to an application themselves. In this way, personal data can be ‘stolen’. Think of banking apps where the code can be adjusted independently, or the collection of other types of login data. In addition, in certain cases an SMS can be read or a malicious person can collect other types of data, such as location data.

It is currently unknown how many applications are still vulnerable to the vulnerability. A survey in September found that 8 percent of the applications scanned were vulnerable to the leak.