Bumble, OKCupid Android Apps Plagued With an Old Flaw That Puts Millions of Users’ Data at Risk: Check Point

This known flaw, CVE-2020-8913, was patched by Google in April itself, but app developers must install the new Play Core library in order to make threat fully go away.

Advertisement
By Tasneem Akolawala | Updated: 7 December 2020 18:41 IST
Highlights
  • Google patched this bug in April and rated it 8.8 out of 10 in severity
  • Viber, Booking updated to patched versions after Check Point notification
  • Threat actors can use flaw to steal login details, passwords, financial d

Grindr, Bumble, OKCupid, Cisco Teams, Edge are reportedly still vulnerable to a dangerous flaw

Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector, and many other popular apps are still vulnerable to a Play Core library flaw that puts hundreds of millions of Android users' data to risk, research firm Check Point reports. This flaw was patched by Google in April itself, but app developers themselves must install new Play Core library in order to make threat fully go away. All of the above-mentioned apps are still on the old Play Core library version. Viber and Booking apps were also on the old version, but they soon updated their Play Core library, once intimated by Check Point.

Security researchers at Check Point say that these apps — Grindr, Bumble, OKCupid, Cisco Teams, Yango Pro, Edge, Xrecorder, PowerDirector – are still vulnerable to the to the known vulnerability CVE-2020-8913, even after Google released its patch in April. The flaw is rooted in Google's widely used Play Core library, which lets developers push in-app updates and new feature modules to their Android apps. The vulnerability reportedly allows a threat actor to use these vulnerable apps to siphon off sensitive data from other apps on the same device, stealing users' private information, such as login details, passwords, financial details, and mail.

Advertisement

Google acknowledged this bug and rated it an 8.8 out of 10 in severity. It has been more than half a year since the patch has been rolled out by the tech giant, but app developers haven't themselves installed the Play Core library update. Check Point notes that 13 percent of Google Play apps analysed by them in September used the Google Play Core library, and 8 percent of those apps continued to have a vulnerable version. Viber and Booking apps updated to patched versions after Check Point notified them about the vulnerability.

Manager of Mobile Research, Check Point, Aviran Hazum says, “We're estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries. The vulnerability CVE-2020-8913 is highly dangerous. If a malicious application exploits this vulnerability, it can gain code execution inside popular applications, obtaining the same access as the vulnerable application. For example, the vulnerability could allow a threat actor to steal two-factor authentications codes or inject code into banking applications to grab credentials. Or, a threat actor could inject code into social media applications to spy on victims or inject code into all IM apps to grab all messages. The attack possibilities here are only limited by a threat actor's imagination.”

All users who have these malicious apps installed on their handsets are putting their sensitive data at risk. Before these apps update their Play Core library, it is recommended to uninstall these apps from your Android phones.


Should the government explain why Chinese apps were banned? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Moto G77 Power Listing Confirms Key Specifications Before July 8 Debut
  2. Vivo Y500 4G Makes Global Debut With an 8,100mAh Battery: See Price
  3. Samsung Galaxy Z Fold 8 Series Could Ship With This Notable Display Upgrade
  4. Top ACs from Carrier, Voltas and More Brands During Amazon's Prime Day Sale
  1. Apple Brings Back Card Payments for App Store and iCloud Transactions in India After Five Years
  2. Samsung Galaxy Z Fold 8 Series Tipped to Launch With a New Hinge to Minimise Display Crease
  3. Huawei Mate X8 Display, Camera Details Leaked Online; Mate XT 2 and Mate X8 Said to Launch With Kirin Processor
  4. Redmi Said to Be Working on 7-Inch 'Performance' Smartphone
  5. Bitcoin Trades Near Two-Week High as Crypto Investor Sentiment Improves
  6. iOS 27 System Prompt Reportedly Hints at Apple’s New Smart Wearable With Two Cameras
  7. Xiaomi Civi Series Discontinued With No Next-Generation Model Planned, Claims Tipster
  8. Apple’s Foldable iPhone to Hit Shelves Later Than Anticipated Due to ‘Manufacturing Challenges’, Analyst Claims
  9. Samsung Galaxy F70 Pro Bluetooth SIG Listing Suggests Its Launch Might Be Right Around the Corner
  10. iPhone Air 2 Design Leaked in New Renders That Point to Dual 48-Megapixel Cameras
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.