Developing an app isn’t as straightforward as coming up with an idea and writing the code. Of course that is part of it, but another part is ensuring that your code does not contain any potential flaws or vulnerabilities that could be exploited. Unfortunately, there are quite a few of these apps out there. According to a recent report by the Black Duck Cybersecurity Research Center (CyRC), some keyboard apps on Android that contain security vulnerabilities.
Researchers discover some Android keyboard apps with security holes
The researchers discovered at least three Android apps, including keyboard apps, that pose a security risk. This includes Telepad, PC Keyboard, and the Lazy Mouse app.
For those unfamiliar with these apps, the researchers say, “Lazy Mouse, Telepad, and PC Keyboard are keyboard and mouse applications that connect to a server on a desktop or laptop computer and transmit mouse and keyboard events to the server.” They also said that the free and paid versions of these apps have a combined download of more than 2 million.
This means there’s a chance that there could be millions of Android devices out there at risk. So, what are the issues with these apps? The researchers say they found “weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities.” However, there is some good news. While these three apps did contain vulnerabilities, they did not find a single method of exploit that could work on all three.
Google is doing something about it
What’s worrying is that according to CyRC, they did not get a response from the developers when they reached out. They also found that despite these apps being widely used, they weren’t being maintained.
This is a problem because apps should always be updated to ensure that flaws and security holes are patched. Especially when there are new exploits being discovered all the time. Thankfully, Google is aware of the issue.
While not specifically related to these three apps, Google is working on a Play Store feature that will alert users of old/abandoned apps. The feature will give users a heads up when an app has been removed and is no longer receiving updates. This isn’t to say all old apps are flawed.
Some might be simple enough where it might not really matter. However, alerting users at least gives them the option and information to make a decision.
The post These Android Keyboard Apps With 2 Million Downloads Have Serious Security Holes appeared first on Android Headlines.
