Security

High-Profile Android Applications Ridden by Old and Known Flaws

Written by Bill Toulas
Last updated September 23, 2021

Researchers of the Check Point team have discovered that many high-profile and widely used Android applications are using components that are carrying well-known and long-standing vulnerabilities. This case of negligence throws all benefits that derive from updating your system and applying the latest patches, which is entirely unacceptable. The researchers hypothesized the existence of these flaws in various applications and then decided to test their assumptions. They have used a collection of the most recent app versions that are available on the Google Play Store and tested them against a set of known flaws.

Some of the most notable findings of this research are the following:

As you can see, these vulnerabilities have been identified as far back as 2014, so pushing new app versions that still carry them is a massive problem for the users. All of the flaws that are presented above were fixed a long time ago, and malicious actors know how to exploit them. The problem is that app developers grab the native libraries they need without paying any attention to their version and whether the code is outdated. These native libraries are often derived from open-source projects and various fragments that come from multiple independent teams. That said, when a flaw is discovered somewhere, it is not easy to get it fixed immediately, nor is it in the control of those who compile the libraries.

All that said, Check Point’s research denotes that there are hundreds of Android apps that are vulnerable to exploitation, even if their users update them immediately. This is a fundamental problem that can be surprising to both the maintainers and the end-users, and malicious actors know it. While Google’s move to form the “App Defense Alliance” was undoubtedly in the right direction, malware detection shouldn’t be the only goal of the project. Scanning for long-standing known vulnerabilities and helping the app developers address them should finally become part of the app reviewing process.

Do you trust Android apps, or do you prefer the iOS ecosystem? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: