Security researchers from TrendLabs have found vulnerabilities in some Android apps, which lead to attacks or leave user data at risk.
The researchers found vulnerabilities in two popular Android apps, a productivity app which clocked more than 10 million downloads and a shopping app which has been downloaded at least one million times.
Security firm Trend Micro said in a blog that the issue lies in a certain Android component which executes functions of the app.
The shopping app shows a pop up which they claim can be abused and can be triggered by other apps.
Similar pop-ups can be displayed by a malicious app to launch an attack which could lead to malicious links or malicious app, the researchers added.
In the unnamed productivity app, the content providers that handle critical information to collect them, was protected by read and write permission, which the researchers say can be exploited.
"This component has an attribute named "android:exported", which, when set to "true", allows this component to be executed or accessed by other applications. This means that apps installed within a device may be able to trigger certain functions in other apps."
"This has obvious convenient uses for developers and vendors who want to strike partnerships with apps by other vendors, but from a security standpoint, this also poses an opportunity for cybercriminals."
According the security experts, the vulnerability can be exploited in different ways depending on the intent of the attacker and the nature of the vulnerable application.
The ‘normal’ protection means all applications installed in the device are granted the two permissions as well.
In addition, in its Trend Micro’s Q1 Security Round Up, the security company has found a spike in mobile threats this quarter, with the number of mobile malware and high-risk apps reaching 2 million.
The report added that the explosion of repackaged apps — which have been maliciously tampered with to pass Android’s’ security features, contributed to the huge growth in mobile malware.
