Android app with 20 million downloads could have exposed your web history and texts

When you subscribe we will use the information you provide to send you these newsletters. Sometimes they’ll include recommendations for other related newsletters or services we offer. Our Privacy Notice explains more about how we use your data, and your rights. You can unsubscribe at any time.

A vast number of Android users will be hugely concerned to hear news about a worrying flaw that was recently discovered in one of the world’s most popular applications. The Google app, which has been downloaded a staggering 19.8 million times from the Play Store, allows users to gain instant access to the web, find answers to questions, and search local weather and traffic reports.

However, according to one security expert, it could also hand hugely personal details including full web history over to hackers. Sergey Toshin, from cyber threat firm Oversecured, has exposed a vulnerability within the Google app that could offer thieves a convenient way to steal data from a device. The flaw was disclosed in his blog post.

All hackers would need to do is get Android fans to install a fake app on their devices which, once opened, would set about infiltrating the Google app and steal all of the personal data held within it.

As Toshin explains, “While securing pre-installed apps on Android devices, we discovered persistent arbitrary code execution in the Google app. This could have allowed any app installed on the same device to steal arbitrary data from it, for example, accessing a Google account, user’s search history, voice assistant interaction data, mail from Gmail, and to intercept app rights, including access to read and send SMS messages, contacts, call history (as well as making and receiving calls), calendar, microphone, camera, location, Bluetooth and NFC.”

Nearby Share: Android explain how users can use new feature

Luckily, Google fixed the issue in May 2021 but it’s a good example of how personal data could easily end up in the wrong hands.

Speaking to TechCrunch, a Google spokesperson confirmed that the vulnerability is no longer active and there’s no evidence that it was ever used to hack smartphones. Along with Google, Toshin said that a similar problem was discovered within the TikTok application.

Although this latest threat appears to have passed by without millions been affected, attacks on Android continue to take place at an alarming rate, with hackers relying on a number of tricks to infiltrate devices and steal money or data from unsuspecting users.

According to AVAST, the main problem facing Android users comes from adware, which has accounted for around 45 percent of threats so far this year. Although adware doesn’t steal data it can fill devices with highly intrusive adverts that can make phones almost unusable.

The next big threat comes from fake apps which appear very genuine but, once downloaded can spy on the user, to expose them to ads or other malicious activity.

Finally, there are terrifying banking Trojans or “Bankers”. These often disguise themselves as genuine apps to access the banking details of unsuspecting users and trick them into giving up their bank account details by posing as a legitimate banking application and mimicking the login screen or supplying a generic login screen with the respective bank’s logo.

Source: Read Full Article