Click to Skip Ad
Closing in...
  1. Amazon Deals
    09:57 Deals

    Today’s top deals: Exclusive deals for Prime members only, $6 car detailing tool, $2…

  2. Best Camera Drone Under $100
    08:43 Deals

    Best camera drone under $100 gets a rare extra discount at Amazon

  3. Best smart plugs for Alexa
    10:38 Deals

    Best smart plugs for Alexa: Kasa smart plugs hit Amazon’s lowest price

  4. Best Car Detailing Products
    14:14 Deals

    The best car detailing product is a $5.59 tool on Amazon that pros don’t want you to…

  5. Best Robot Vacuum And Mop Combo
    13:06 Deals

    The best robot vacuum and mop combo is Narwal’s T10, and it’s $100 off at Amaz…




Most of your favorite free Android apps leave you open to hackers

August 21st, 2014 at 2:10 PM
Free Android Apps Vulnerabilities

Security has always been a huge concern for Android users. From seemingly insignificant security flaws to massive outbreaks that make international headlines, it’s never a bad idea to be cautious when downloading a new app or browsing the web. Unfortunately, sometimes even being careful isn’t enough. In a recent analysis, the FireEye Mobile Security Team discovered that 68% of the top 1,000 free apps on Google Play are vulnerable to man-in-the-middle attacks.

According to OWASP, a man-in-the-middle (MITM) attack is when an attacker intercepts a communication between two systems and then splits the connection in two, injecting new data in between.

The 1,000 free apps were just a sample of the roughly 10,000 applications FireEye checked during the analysis. The results are just as unsettling on a larger scale as well:

“Roughly 4,000 (40%) [apps] use trust managers that do not check server certificates, exposing any data they exchange with their servers to potential theft,” writes the security team. “Furthermore, around 750 (7%) applications use hostname verifiers that do not check hostnames, implying that they are incapable of detecting redirection attacks where the attacker redirects the server request to a malicious webserver controlled by the attacker. Finally, 1,300 (13%) do not check SSL errors when they use Webkit.”

It’s up to developers to ensure their apps are protected from common vulnerabilities that could potentially lead to stolen data and information. Until then, think twice before downloading the latest free app.

Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.




Popular News