The Google Play Store is a centerpiece of most Android users’, they go-to portal to download and install apps, games, movies, music, books, and other such content. Event though Google’s tough moderation system ensures that aggression by malicious software is kept to a minimum, appears to a fundamental flaw in the Play Store’s infrastructure that leaves users potentially vulnerable to having their passwords and personal data logged without accurate consent. This isn’t the first leading security glitch that affected, but several times it has entered this and fixed as though with bug fixes and Play Store updates.
In a similar fashion, yesterday, Google has surprisingly released Android 4.4.4 Kitkat update for Nexus 4, 5, 7, 10 (direct links) available for free to fix vulnerability. Apart this, given Android’s open source nature, it is in a constant battle to remain clear of the continual wave of malware out to hack devices, steal passwords, and in general cause blister.
Important to note: Third-part app stores definitely doesn’t help in Google’s ongoing quest to keep users safre from these kinds of attacks. But according to a new piece of research by a computer science professor Jason Nieh and PhD student Nicola Viennot at Columbia, the Big G’s own house isn’t quite in order.
Discovered as, developers of third-party apps often log usernames and passwords of sites and network ranging from Facebook to Amazon, and even when an app is deleted, this information is retained. Both the professor and the student compiled a special tool that mass-downloaded 1.1 million Android apps. From there, the tool also then decompiled the apps and found that frequently, developers are building secret keys that scan for personal data. Even though when you decide to completely remove (wipe) an app from your Android device, the personal information may still exist and still be at large scale.
It is not only affecting the basic third-party app developers, but even the apps from so-called Top Developers of the Play Store as well, and currently the transparency over user privacy is at all-time high, this seems a very shocking breach of position.
One point to be clarified, and that is, not only the official Facebook, Amazon et al, apps that are problematic, but Google although responded by notifying developers that they must cease such kind of activity. Nevertheless, the authors of the research paper are also working with the likes of Google, Facebook and Amazon to ensure that affected Android users are made aware of the issue and can adjust their personal data if need be.
Google has however promised to implement measure to prevent developers grabbing such data in the future, in regards, the situation can be rectified quickly as possible, effectively in the coming future. Stay tuned!