AppBugs: Fourteen applications, which to date have around 80 million downloads, have serious shortcomings in the way they manage social connections.
AppBugs, has developed an application to track vulnerabilities, discovered problems in too many Android applications. These applications in their entirety use social connections from Google, Microsoft, Facebook, Twitter and other services according to VB.
For example:
The application Astro File Managers exposes them codeς accessof Microsoft accounts. Astro File Manager has around 100 million downloads to date, as reported by AppBugs.
The application MeituPic exposes Facebook, Baidu, and Renren.com accounts. MeituPic has between 10 million and 50 million downloads, AppBugs says.
The application GReader, a popular news app according to AppBug, "exposes all users' social accounts, pages like Facebook, Google, Twitter, Microsoft and Evernote."
(The full list of AppBugs apps is available at the end of the publication.)
These problems are due to weaknesses in the way applications handle SSL certificates used by servers to verify an identity.
These flaws allow an attacker to use fake SSL certificates to obtain credentials connectionof users.
AppBugs reports that it contacted each of the developers of these apps and that for four months it has not received any response.
"To date, only one developer (of the Foxit MobilePDF application) has fixed the issue," said AppBugs' Rui Wang.
Below is the list of problematic applications that are listed found by AppBugs.
- MeituPic
- Astro File Manager with Cloud
- GReader
- Windows Live Hotmail Push Mail
- JustUnFollow
- Brother iPrint & Scan
- Software Data Cable
- FriendCaster Chat
- PrintHand Mobile Print
- Phone for Google Voice & GTalk
- Instachat
- InstaMessage
- InstaG
- FoxIt MobilePDF
https://www.youtube.com/watch?v=_ce7wOfKrYY