Android Apps: 150M Downloads 'Vulnerable' to Heartbleed Bug; Gaming Apps Targeted
By Pavithra Rathinavel | April 24, 2014 11:03 PM EST
Although security patch for Heartbleed bug is available and many Web sites and services patched successfully requesting the users to change their passwords, Android apps somehow has slipped the purview of scrutiny.
A Google Android figurine sits on the welcome desk as employee Tracy McNeilly smiles at the new Google office in Toronto, November 13, 2012.
Android apps are very much vulnerable. Updating the security patch for all the vulnerable Android apps is not an easy task.
According to a new study by FireEye, a security research firm, there were nearly 150 million downloads of Android apps that were vulnerable to the Heartbleed bug, as reported by Re/code.
FireEye researchers said the classified Heartbleed finder/detector apps that can be downloaded from Google Play store do not have the capability to uproot the vulnerable apps that have been downloaded.
Even though there were as many as 17 Android security apps that scan for the bugs and vulnerabilities among apps periodically, at least six of such security apps used insufficient techniques to check for this particular Heartbleed vulnerability. Thus, they ignored the bug and assumed it to be a genuine app.
The researchers said, "Android apps frequently use native libraries, which either directly or indirectly leverage vulnerable OpenSSL libraries. Hence, even though the Android platform itself is not vulnerable, attackers can still attack those vulnerable apps. They can hijack the network traffic, redirect the app to a malicious server and then send heartbeat messages to the app to steal sensitive memory contents."
Apps Affected the Most
Most of the apps affected by Heartbleed bug were Gaming apps. Although gaming apps did not store useful or sensitive data, many of such apps used authorization credentials linked to Facebook, Twitter or any other social networking sites' accounts.
Letting the hacker to hijack a gaming app account provided access to valuable or sensitive data from social networking accounts.
The only consolation was that the prompt app developers were doing all that they can to patch their apps to avoid being vulnerable to the deadly and widespread Heartbleed bug.
As April 10, there were about a whopping 220 million downloads of apps vulnerable to the bug. But when the same test was run after a week on April 17, the number of such downloads reduced to 150 million.
To contact the editor, e-mail:
Most Popular Slideshows
- Taylor Swift Named Forbes' Second Highest Paid Country Musician [PHOTOS]
- Forever Lost: Indescribable Anguish for Malaysia Airlines MH17 Families, Remains of Some Victims May Never Be Found (PHOTOS)
- Lunch with the Gods: Pope Francis Eats with Vatican Workers in Cafeteria
- Transfer News: FC Barcelona Shockingly Sign Valencia Defender [PHOTOS]
Join the Conversation
- iPhone 6 Release Date Relevance to iOS Newbies: Specs Meaning, Price Considerations
- Nexus 6 Likely Confirmed as Motorola 5.9-Inch Phablet on Release Date – Report
- Sony Xperia Z3: Release Date, Five Features to Expect from New Android Smart Phone
- Samsung Galaxy Mega 2 Reportedly Cleared by FCC: Five Fresh Features to Expect from Android Smart Phone
- Xiaomi Mi4 vs. OnePlus One—Specifications, Features, Release Date and Price Showdown
- Transfer News: In Demand Everton Midfielder Silence Speculations by Penning New Deal [VIDEO]
- True Blood Spoilers: Alcide Killed because Season 7 is Bill, Sookie’s Season
- Reebok Launches Bacon Line to Lure CrossFit and Paleo Diet Fans
- Transfer News: Star Midfielder Pledges Future with Manchester City [VIDEO]
- ACT Party's Demand to Re Consider Maoris Privileges Evokes Reprimand