Top 5K free apps on Google Play Store have vulnerabilities that allow hackers to attack servers, says a report

Cybersecurity researchers have discovered around 1600 vulnerabilities in the backend systems that support the top 5,000 free apps on the Google Play Store.

Researchers from the Georgia Institute of Technology and the Ohio State University studied only the apps available on the Google Play Store. The iOS versions of these apps may have the same vulnerabilities, but they were not part of the study.

The vulnerabilities affect the backend systems from which content and advertisements are served to mobile applications.

The vulnerabilities can let hackers gain access to the databases where users' sensitive information is stored. Through this access, they may also get into users' mobile devices, the researchers said.

Brendan Saltaformaggio, an assistant professor at the School of Electrical and Computer Engineering, Georgia Institute of Technology, said the servers in the cloud are being affected by the vulnerabilities. Once attackers get hold of a server, they will be able to attack in multiple ways.

Investigations into whether hackers can attack the mobile devices connected to the affected servers are still in progress. Saltaformaggio said they are still trying to figure out the answer; however, the findings so far are raising alarms.


During their study, the researchers came across 983 known vulnerabilities and 655 instances of zero-day vulnerabilities. All of these were found in various layers of the software of the cloud-based systems that support the apps, such as operating systems, communication modes, software services, and web apps.

The researchers have come up with an automated system, SkyWalker, that can help improve the security of mobile apps by vetting the cloud servers and software library systems.

The servers supporting mobile apps are usually operated by cloud hosting services rather than by individual app developers. The security of these servers can be evaluated with SkyWalker to ensure their protection.

It is now up to Google how it will respond to the study once it is presented at the conference.

