Millions of people use Android apps on a daily basis, assuming that the apps are safe since they were downloaded directly from Google Play Store. However, a recent study shows that thousands of Android apps actually have backdoors that hackers can easily use to gain access to your personal data. The study was conducted by researchers from New York University, Ohio State University, and Helmholtz Center for Information Security (CISPA).
For the study, the researchers looked at the behavior of about 150,000 apps. Of these, 100,000 were from Google Play, 30,000 were pre-installed on Samsung devices, and 20,000 apps were from China’s Baidu marketplace. The team wanted to analyze two things — the number of apps that showed secret behaviors and whether such behaviors could be used or abused.
“12,706 (apps) exhibited a range of behaviors indicating the presence of backdoors (secret access keys, master passwords, and secret commands) plus another 4,028 that seemed to be checking user input against blacklisted words such as political leaders’ names, incidents in the news, and racial discrimination. Looking at backdoors, both Google Play and apps from alternative app stores such as Baidu showed roughly the same percentage of apps falling into this category, 6.8 and 5.3 percent respectively,” according to Naked Security.
A hugely popular app was found to have a master password that gave it access to the device. Another app with almost 5 million downloads had an access key that could reset the passwords of the users. A translator app with a million downloads used a secret key in order to bypass procedures for paying for extra functionalities. A video streaming app boasting 5 million downloads was discovered to be using a passkey so it could enter administrator mode.
A hacker can use these backdoors to modify the smartphone or simply copy any personal data stored in the device. Qingchuan Zhao, a co-author of the study, believes that the main reason why these apps contain backdoors is due to the misplaced trust of developers. He pointed out that developers should conduct security-relevant user-input validations and keep their secrets in the backend servers so that hackers are not able to get hold of sensitive data.
“On many platforms, user-generated content may be moderated or filtered before it is published… Unfortunately, there might exist problems — for example, users know that certain words are forbidden from a platform’s policy, but they are unaware of examples of words that are considered as banned words and could result in content being blocked without users’ knowledge… Therefore, end-users may wish to clarify vague platform content policies by seeing examples of banned words,” he said, as reported by Business Standard.
A huge threat
A report by the security team at Avast, an Internet security brand, found that the most common type of attack on Android right now is adware, which accounts for almost 70 percent of all mobile malware. The remaining threats come from fake apps, downloaders, banking Trojans, and lockers. Adwares can not only make a person’s device unusable, but they also provide hackers with a way to make money in the process.
“Adware often disguises itself in the form of gaming and entertainment apps or other app types that are currently trending which helps hackers target the most amount of users. These apps may appear harmless, but once they’ve infected a device they will surreptitiously click on ads in the background. Sometimes, adware also serves adverts with malicious content,” according to Express.
Nikolaos Chrysaidos, Head of Mobile Threat Intelligence & Security at Avast, points out that adware deployment has spiked in recent years due to the increased use of mobiles.