Τι είναι το PlayDrone; Το λειτουργικό σύστημα Android της Google για smartphones και tablets έχει το γνωστό Google Play Store που προσφέρει στους χρήστες που το χρησιμοποιούν, πρόσβαση σε εκατομμύρια applications.
Application developers are constantly producing new ones each year, and as we have seen in the past, several of them use unsafe, unreliable coding practices. Several developers store secret keys in their applications, which could potentially allow cyber criminals to steal sensitive user data.
A team researchers from Columbia University's Department of Computer Science discovered a critical security issue in Google's official Android Play Store where millions of Android users download various apps.
Researchers have found that most of Android app developers often store their secret keys in their application code, such as usernames and passwords, which could then be used by any malicious user to steal information from service providers such as Amazon and Facebook.
These are vulnerable points they were even discovered in apps from “Top Developers,” as defined by Google Play, according to the researchers.
Google Play Store contains millions of applications, including free and paid apps, and over 50 billion downloads app.
"On Google Play, anyone can upload whatever they want with a $ 25 developer account," said Jason Nieh, a professor of computer science in New York.
Οι ερευνητές κατασκεύασαν ένα εργαλείου που λέγεται PlayDrone, το πρώτο εργαλείο ανίχνευση του Google Play store που χρησιμοποιεί διάφορες τεχνικές hacking για να εξαπατήσει τα μέτρα security used by Google to prevent Google Play store contents from being indexed. So one can successfully download all Google Play content and recover its sources.
"We have worked closely with Google, Amazon, Facebook and other service providers to identify and inform their customers who are at risk. "We are trying to make Google Play a safe place," said researcher Nicolas Viennot. "Google now uses our techniques (PlayDrone) to proactively detect applications for these problems and to prevent such problems in the future."
With PlayDrone they managed to download more than 1,1 millions of Android apps and rebuild over 880.000 free apps, analyzing over 100 billion decompiled code lines.
Will Google PlayDrone Save or Should Changes to Developer Policies?