Secret keys to Android apps pose security problem for users, plus some interesting statistics

Operating systems at the top of the food chain, no matter what they are, share one common trait: they are prime targets for malware and hackers looking for ways to exploit users. Windows is the poster child for such things, as we all know.

On the mobile OS front, that distinction belongs to Android. Though, truth be told, you have to work at it a bit harder to get nabbed by nefarious software, or you could just buy a device that does the work for you.

Operating system aside, apps pose the other potential risk for users. This is one of the areas where some researchers have discovered security risks, not in what might be called “high risk” apps, but in a pretty significant share of the whole Google Play store. Jason Nieh and Nicolas Viennot at Columbia University developed a program called PlayDrone.

With PlayDrone, they were able to examine information about many apps found in Google Play and they discovered what was described as a critical security problem. This is an issue with the apps themselves, not the Android operating system.

Developers keep secret keys, such as usernames and passwords, in the app. Nieh also stated that many “top developers,” as noted in the Play store, use the same architecture in their apps. The vulnerability could be exploited by those determined to steal such information.

Nieh and Viennot have been working with Google (as well as Facebook, LinkedIn, and Amazon) to address the issue. Google has adopted the scanning method developed by Nieh and Viennot, has been proactively scanning apps for the vulnerability, and notifying developers of the problem.
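A developer can run the same kind of check on their own code before publishing. The sketch below is an added example, not code from the article, from PlayDrone or from Google's scanner; the sample source, field names, name patterns and entropy threshold are all constructed assumptions.

```python
import math
import re

# Constructed sample: what app source with embedded credentials can look like.
SAMPLE_SOURCE = '''
public class ApiClient {
    private static final String API_USER = "svc-mobile";
    private static final String API_PASSWORD = "example-only-password";
    private static final String CFG_A = "q8Zr1LxV0pN7sYw3KdT5uEb2HmC9aGfJ";
    private static final String GREETING = "Welcome back";
    private String password = "";
}
'''

# Identifier fragments that suggest a credential is being assigned (assumed list).
SUSPECT_NAME = re.compile(r"pass(word|wd)?|secret|token|api_?key|user(name)?", re.I)
# Java-style assignment of a string literal to a named field or variable.
ASSIGNMENT = re.compile(r'\b([A-Za-z_]\w*)\s*=\s*"([^"\n]*)"')


def shannon_entropy(value):
    """Bits per character; random-looking keys score higher than words."""
    if not value:
        return 0.0
    counts = {c: value.count(c) for c in set(value)}
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def find_embedded_secrets(source, entropy_threshold=4.0):
    """Return (line number, identifier, reason) for each suspicious literal."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, literal in ASSIGNMENT.findall(line):
            if not literal:
                continue  # empty initialiser, nothing is embedded
            by_name = bool(SUSPECT_NAME.search(name))
            # Long, high-entropy literals are flagged even under innocuous names.
            by_entropy = len(literal) >= 20 and shannon_entropy(literal) >= entropy_threshold
            if by_name or by_entropy:
                findings.append((lineno, name, "name" if by_name else "entropy"))
    return findings


if __name__ == "__main__":
    for finding in find_embedded_secrets(SAMPLE_SOURCE):
        print(finding)
```

Both checks are heuristics, so each finding needs a human look; a literal that really is a credential belongs on a server the developer controls rather than in the shipped app.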

While that problem has been addressed, Nieh and Viennot made a few other discoveries about the apps downloaded from Google Play. For starters, a full 25% of all free apps in the store are clones. Also, a bug which might have caused a problem with a slow app purchase was identified and since fixed. Finally, believe it or not, more than a million people downloaded an app which claims it can function as a scale to measure the weight of an object placed on the screen of an Android device – no, we are not making that up.




1. FingerMyApple unregistered

watching android and malware being together is so much more interesting than Romeo and Juliet. gonna wipe my tears :')

3. a_tumiwa

Posts: 393; Member since: Mar 16, 2012

and the most secure OS is Blackberry OS, but not many people use it anymore, dunno why :(

5. Miracles

Posts: 560; Member since: Aug 31, 2013

Cuz Apple took its job. Blackberry was Apple in the old days. But after Apple..they didn't put out any smartphones that appealed to me. Though recent ones look long as they stick to emerging markets like China and India...and stay business friendly...they gonna come back from the dead.

6. mr.techdude

Posts: 571; Member since: Nov 19, 2012

Are you serious, black berry is stereotyped to be 'the most secured OS' well it's not. You own a blackberry and u got the government up ur ass, the truth has been spoken.

12. -box-

Posts: 3991; Member since: Jan 04, 2012

Actually Blackberry 10 is considered the most secure of the mainstream smartphone OSes, followed by Windows Phone, then Android (and there are specially customized versions, restricted really, that are even more secure), then IOS (if you consider it a smartphone OS). Remember that government agencies worldwide rely on Blackberry, even today (apparently it's the only phone POTUS is allowed to use for "business" purposes), although some have begun adopting restricted versions of Android, as well as Windows Phones. Very few have cleared the iphonie to be used, due to security flaws and hardware costs.

2. Jason2k13

Posts: 1466; Member since: Mar 28, 2013

soo many news about android malware and bugs, but never a news about an actual person or business affected by these claims... wonder why...

4. CyberFalcon

Posts: 223; Member since: Apr 17, 2014

coz these bugs are discovered even before someone is affected by it... That's the beauty of open source and ethical hacking...

7. HildyJ

Posts: 338; Member since: Aug 11, 2012

This is to be expected given that the majority of apps on all the OSs are designed to push ads to the users and money to the developers, not to protect the users' privacy. Why do I need a user name and password to blow up aliens/zombies/pigs?

8. Ashoaib

Posts: 3297; Member since: Nov 15, 2013

well said

9. lolatfailphones

Posts: 224; Member since: Apr 08, 2013

That's why I'm an apple user. I mean just look at their new policy! Android has tons of fake apps that steal your information like that flashlight app they had that used data connection.

11. -box-

Posts: 3991; Member since: Jan 04, 2012

Apple is pretty bad at security, actually. Both IOS and OS X are natively less secure than Windows Phone, Android, and Blackberry, and Windows desktop, respectively, and IOS users are a greater target because they're perceived as less tech- and security-conscious and have an expectation that the device will "just work" out of the box with no problems ever, which we know from decades of experience that has been proved wrong too many times to count.

10. -box-

Posts: 3991; Member since: Jan 04, 2012

Only 25% of the free apps are clones? Sure it's not 75%?
