Android security bug left user data at risk
A vulnerability in Android security could have allowed malicious apps to steal sensitive information from other apps on the same device.
A vulnerability in Android security could have allowed malicious apps to steal sensitive information from other apps on the same device.
App security startup Oversecured claims they have discovered a flaw in Google's widely used Play Core library. The flaw allows installed malicious apps to inject phishing modules into other apps to steal private information, like passwords and credit card numbers. According to Oversecured founder Sergey Toshin, exploiting the bug was "pretty easy." Adding their proof-of-concept app was able to steal a victim's browsing history, passwords and login cookies.
For all latest news, follow The Daily Star's Google News channel. The bug, rated 8.8 out of 10.0 for severity, has been confirmed by Google and fixed.