View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Android apps can be exploited to launch attacks

TrendLabs found vulnerabilities in productivity shopping apps.

By CBR Staff Writer

Security researchers from TrendLabs have found vulnerabilities in some Android apps, which lead to attacks or leave user data at risk.

The researchers found vulnerabilities in two popular Android apps, a productivity app which clocked more than 10 million downloads and a shopping app which has been downloaded at least one million times.

Security firm Trend Micro said in a blog that the issue lies in a certain Android component which executes functions of the app.

The shopping app shows a pop up which they claim can be abused and can be triggered by other apps.

Similar pop-ups can be displayed by a malicious app to launch an attack which could lead to malicious links or malicious app, the researchers added.

In the unnamed productivity app, the content providers that handle critical information to collect them, was protected by read and write permission, which the researchers say can be exploited.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"This component has an attribute named "android:exported", which, when set to "true", allows this component to be executed or accessed by other applications. This means that apps installed within a device may be able to trigger certain functions in other apps."

"This has obvious convenient uses for developers and vendors who want to strike partnerships with apps by other vendors, but from a security standpoint, this also poses an opportunity for cybercriminals."

According the security experts, the vulnerability can be exploited in different ways depending on the intent of the attacker and the nature of the vulnerable application.

The ‘normal’ protection means all applications installed in the device are granted the two permissions as well.

In addition, in its Trend Micro’s Q1 Security Round Up, the security company has found a spike in mobile threats this quarter, with the number of mobile malware and high-risk apps reaching 2 million.

The report added that the explosion of repackaged apps — which have been maliciously tampered with to pass Android’s’ security features, contributed to the huge growth in mobile malware.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.