Beware ... thousands of Android apps have back doors

A comprehensive academic study found backdoor-like hidden behaviors in more than 12,700 Android apps, including secret access keys, master passwords, and secret commands.

Scientists from Ohio State University, New York University and the CISPA Helmholtz Center for Information Security developed a special tool called InputScope to detect this hidden behavior, and used it to analyze the input form fields in more than 150,000 Android applications.

The researchers analyzed the top 100,000 apps in the Google Play store by number of installations, the top 20,000 apps from third-party app stores, and more than 30,000 apps preinstalled on Samsung phones.

The research team said, "Our evaluation found a disturbing situation because we identified 12,706 applications that include multiple back doors, such as secret access keys, master passwords, and secret orders." The researchers added that these hidden mechanisms can allow attackers to gain unauthorized access to user accounts.

If an attacker gains physical access to a device with one of these apps installed, the app can give the attacker access to the phone or allow them to run code with elevated privileges on the device, because the app's input fields accept hidden secret commands.

The researchers said, "We found a popular remote control app that contains a master password. Even if the phone owner secures the password remotely in case the device is lost, they can also unlock the permissions. We also found a common screen lock app that uses the access key to reset user passwords, cancel the screen lock, and access the system."

The researchers also discovered a live streaming app that uses an access key to reach its administrator interface. An attacker can use this key to reconfigure the app and unlock other features. They also found a popular translation app that contains a secret key for bypassing payment for premium services, for example to remove the ads shown in the app.

The examples given by the research team demonstrate that some problems pose a major risk to the security of users and the data stored on the device, while others are harmless.

The researchers said they found these hidden features in more than 6,800 apps in the official Google Play store, more than 1,000 apps in third-party stores, and about 4,800 apps preinstalled on Samsung phones.

The research team said it notified all developers of apps in which it found hidden behavior or backdoor-like mechanisms, but not all of the developers responded. As a result, the app names were changed in some of the examples to protect their users.

