Pages

These Android Apps Are Causing Identity Theft by Leaking API Keys

Android apps are not known for being all that secure, but people continue to use them because of the fact that this is the sort of thing that could potentially end up keeping them within the second biggest app ecosystem in the world. Researchers at the cybersecurity firm known as CloudSEK managed to discover hundreds of Android apps that are putting their users at risk of identity theft among other privacy violations.

Around 600 apps were reviewed as part of this study. With all of that having been said and now out of the way, it is important to note that around 300 of them were leaking API keys. These keys belong to transaction service providers as well as email marketing firms. Hence, malicious actors that get their hands on these keys may be able to defraud users since the keys will make them seem more legitimate than might have been the case otherwise.

Malicious actors may be able to go so far as to modify MFAs, thereby enabling them to gain access to user accounts and pose as them with no one else being the wiser. What’s worse is that these apps have received a collective 54 million downloads. Most of these users are from the US, but users from India, Spain, the UK as well as Russia have also been impacted.

The APIs that are getting leaked belong to companies as massive as MailChimp. These companies offer third party applications, all of which may end up getting compromised if the leaked keys end up in the wrong hands.

This just goes to show that users should be exceptionally discerning about the apps that they choose to use. Each app must be thoroughly vetted, otherwise the chances of malfeasance would be a little too high for comfort.

Google also needs to play its part in keeping such apps at bay, because the current state of their ecosystem is neither safe nor sustainable. Only time will tell if Google will manage to stem the rising tide of apps that are irresponsible at best and outright malicious at worst.


Read next: How Can You Prevent Chatbot Scams? This New Step-By-Step Guide Is The Answer

No comments: