Despite Google fixing a crucial security flaw in its Play Core library back in April 2020, many Android apps still continue to remain vulnerable as per a report by cybersecurity firm Check Point. Identified as CVE-2020-8913, this vulnerability allows attackers to inject malicious code into vulnerable applications, in order to gain access to all the same resources of the hosting application. Attackers can use the vulnerable apps to get access to sensitive data from other apps on the same device, stealing users’ private information, such as login details, passwords, financial details, and mails. While there are many apps, here are the 10 popular Android apps that may be safe to use until the app developers release an update.
Check Point researchers were able to exploit an old version of Google Chrome Android app
To back its claims, Check Point researchers took a vulnerable version of the Google Chrome application and created a dedicated payload to grab its bookmarks. Exploiting the vulnerability, someone can grab cookies to use them as a means to Hijack an existing session with 3rd party services, like DropBox. Once a payload is “injected” into Google Chrome, the payload will have the same access as the Google Chrome app to data, such as cookies, history and bookmarks for the data, and password manager as a service. It is advisable that users update their Google Chrome app immediately.
Old versions of apps like Viber and Booking
Developers of apps like Viber and Booking recently released a patch. Users are advised to update the apps and use the latest version.
Account details, passwords, financial information and other personal data of Grindr app users on Android may be at risk.
Developers of Bumble are yet to update the app to fix this crucial issue as per Check Point.
Another dating app called OKCupid is affected by the same security issue.
The Android app of Cisco Team continues to remain vulnerable and users should exercise caution until the patch is released.
Yango Pro (Taximeter)
Navigation app Yango Pro (Taximeter) has access to almost all permissions making it risky for Android users.
Microsoft is yet to release a fix for its Edge browser for Android. User are at risk of losing their passwords and other personal information.
Xrecorder has been notified about the vulnerability but the developers are yet to release a patch.
PowerDirector also suffers from the exact security issue along with countless other apps.