Backend Vulnerabilities Found in Top 5,000 Free Android Apps: Report

Researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store.

Advertisement
By Indo-Asian News Service | Updated: 13 August 2019 19:14 IST
Highlights
  • The vulnerabilities were found in the backend systems
  • 655 instances of zero-day vulnerabilities spotted
  • The researchers have created an automated system to help developers

Researchers discovered 983 instances of known vulnerabilities on apps listed on Google Play Store

Cybersecurity researchers have identified more than 1,600 vulnerabilities in the support ecosystem behind the top 5,000 free apps available in the Google Play Store.

While the researchers from Georgia Institute of Technology and The Ohio State University studied only applications in the Google Play Store, applications designed for iOS may share the same backend systems.

Advertisement

The vulnerabilities were found in the backend systems that feed content and advertising to smartphone applications through a network of Cloud-based servers.

The vulnerabilities, affecting multiple app categories, could allow hackers to break into databases that include personal information - and perhaps into users' mobile devices, said the study scheduled to be presented at the 2019 USENIX Security Symposium in the US on Thursday.

"These vulnerabilities affect the servers that are in the cloud, and once an attacker gets on the server, there are many ways they can attack," said Brendan Saltaformaggio, Assistant Professor in Georgia Tech's School of Electrical and Computer Engineering.

The researchers were still investigating whether attackers could get into individual mobile devices connected to vulnerable servers.

Advertisement

"It's a whole new question whether or not they can jump from the server to a user's device, but our preliminary research on that is very concerning," Saltaformaggio added.

In their study, the researchers discovered 983 instances of known vulnerabilities and another 655 instances of zero-day vulnerabilities spanning across the software layers - operating systems, software services, communications modules and web apps - of the Cloud-based systems supporting the apps.

Advertisement

To help developers improve the security of their mobile apps, the researchers have created an automated system called SkyWalker to vet the Cloud servers and software library systems.

SkyWalker can examine the security of the servers supporting mobile applications, which are often operated by Cloud hosting services rather than individual app developers.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  2. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  3. Amazon Prime Day 2026: Best Deals on Smartphones Under Rs. 15,000
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India
  5. Everything We Know About the Nothing Phone 4b
  1. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  2. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  3. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  4. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  5. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  6. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  7. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  8. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  9. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  10. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.