Secret keys to Android apps pose security problem for users, plus some interesting statistics
On the mobile OS front, that distinction belongs to Android. Though, truth be told, you have to work at it a bit harder to get nabbed by nefarious software, or you could just buy a device that does the work for you.
Operating system aside, apps pose the other potential risk for users. One of the areas where some researchers have discovered security risks, not in what might be called “high risk” apps, but in a pretty significant share of the whole Google Play store. Jason Nieh and Nicolas Viennot at Columbia University developed a program called PlayDrone.
With PlayDrone, they were able to examine information about many apps found in Google Play and they discovered what was described as a critical security problem. This is an issue with the apps themselves, not the Android operating system.
Developers keep secret keys in the app, such as usernames and passwords. Nieh also stated that many “top developers,” as noted in the Play store, use the same architecture in their apps. The vulnerability could be exploited by those determined to steal such information.
Nieh and Viennot have been working with Google (as well as Facebook, LinkedIn, and Amazon) to address the issue. Google has adopted the scanning method developed by Nieh and Viennot, has been proactively scanning apps for the vulnerability, and notifying developers of the problem.
While that problem has been addressed, Nieh and Viennot made a few other discoveries about the apps downloaded from Google Play. For starters, a full 25% of all free apps in the store are clones. Also, a bug which might have caused a problem with a slow app purchase was identified and since fixed. Finally, believe it or not, more than a million people downloaded an app which claims it can function as a scale to measure the weight of an object placed on the screen of an Android device – no, we are not making that up.