Many Apps In Google Play Are Vulnerable To A Critical Bug In The Play Core Library

The security experts from Check Point has warned that developers of many popular Android applications forgot to update one important library and are now vulnerable to attacks.

According to Check Point, about 8 percent of apps in Google Play use old and unsafe versions of the Play Core library. Google created this library, and developers can embed it into their apps to interact with the official Google Play Store. The library is very popular because it can be used to download and install updates from the Play Store, modules, language packs, and even other applications.

This bug could be exploited by a malicious application installed on the user’s device and with its help injecting dangerous code into other applications, as well as stealing confidential data, including passwords, photos, 2FA codes, and much more. 

The vulnerability has been identified as CVE-2020-8913 and has been known since August. Google has fixed the bug with the Play Core 1.7.2 release in March 2020. However, according to Check Point, not all developers have updated the Play Core library in time, and now their users are at risk.

In a scan in September, 13 percent of apps in the Play Store used the Play Core library, only 5 percent used an updated version, while 8 percent used a version that was more than six months old and affected by the vulnerability.

Check Point researchers write that they notified the authors of all vulnerable applications about the problem, and only some of them fixed the issue.

Sabarinath is the tech-savvy founder and Editor-in-Chief of TechLog360. With years of experience in the tech industry and a computer science background, he's an authority on the latest tech news, business insights, and app reviews. Trusted for his expertise and hands-on tips for Android and iOS users, Sabarinath leads TechLog360 with a commitment to accuracy and helpfulness. When not immersed in the digital world, he's exploring new gadgets or sharing knowledge with fellow tech enthusiasts.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

More from this stream