News

Researchers: Many Android apps contain private keys

By admin
Spread the love

Researchers from Columbia University have discovered that thousands of apps in the Play Store contain private keys, for example for Amazon Web Services. Those private keys could be stolen by malicious parties.

The vulnerability was discovered by researchers at Columbia University. It involves thousands of apps. This concerns keys for services such as Amazon Web Services, Facebook and LinkedIn. More than 6,000 Twitter keys were found.

There is no reason to provide private keys; it is unknown why the apps do it anyway. According to the researchers, developers who are classified by Google as ‘top developers’ are also guilty of the security problem.

The researchers have worked with Google, as well as Amazon and Facebook, to contain the security problem. In addition, Google now automatically scans apps in the Play Store for existing private keys. Developers who provide private keys are warned to stop doing so.

The developers discovered the vulnerability by automatically downloading apps from the Play Store and then analyzing them automatically. They built a tool for that, PlayDrone. Thanks to this tool, the researchers also report that a quarter of the apps in the Play Store are exact copies of apps that were already in the Play Store.

You might also like
News

X begins to deploy the audio and video calling function (but only paying users can…

News

Amazon has just taken the first real step to compete with Starlink: it has launched…

News

Rumor: Apple is working on its own applications based on a large language model

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable

News

Brave sells web content as data for AI training

Exit mobile version