Geeks for your information News Privacy & Security News v
Some Android app APIs have been putting users at risk
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Some Android app APIs have been putting users at risk
harlan4096 Online
MalWare Zoo Team
*******
Posts: 12,793
Threads: 8,839
Thanks Received: 8,732 in 6,893 posts
Thanks Given: 9,634
Joined: 12 September 18
#1
Exclamation  21 December 22, 06:19
Quote:Rather worryingly, an analysis of 600 Android apps, which are available on the Google Play Store has found that around 50% of all the apps examined were leaking the API keys of three of the most popular email marketing service apps.

[Image: Some-Android-app-APIs-have-been-putting-...t-risk.jpg]

An API or application programming interface is what allows apps and services to better integrate their work with third-party sites and services so that they can work seamlessly together with all the work going on in the background.  Unfortunately, here, the types of apps that are leaking are some of the worst you could imagine for this type of breach to occur with. They are the types of apps that online companies and services use to collect customer contact details and manage outbound marketing campaigns meaning there is a lot of vulnerable data flowing through the API keys.

The analysis by contextual AI cybersecurity specialists CloudSEK used the company’s BeVigil security search engine to investigate the 600 Google Play Store apps. It found that Mailchimp, Sendgrid, and Mailgun API keys were being leaked by roughly half of all the apps, allowing sensitive data to pass to malicious third parties that could see user security compromised and place them more at risk of being targeted by online scammers.

To drive home the seriousness of the issue, the affected apps have already been downloaded 54 million, with each of them now at risk of having any and all details leaked via the API keys. According to CloudSek, the breach could enable malicious actors to read emails, steal customer data, access email lists, and even run email marketing campaigns as representatives of the compromised businesses. This last one means that users who are exposed in this way will be particularly vulnerable to sophisticated phishing campaigns that would be incredibly difficult to spot.

It is shocking, to say the least, that such a huge number of vulnerable apps have made it onto the Google Play Store and that prominent services are seeing their APIs so easily breached in this manner. As ever, with phishing scams on the rise these days, we will point you to this helpful infographic for spotting scam emails and phishing scams, which is full of tips to help you stay safe from these popular types of scams.
...
Continue Reading
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Malwarebytes 5.1.3.110
Malwarebytes 5.1.3...Mohammad.Poorya — 00:51
Music Videos
Billy Joel - The Riv...jAcos — 17:24
Movies! Movies!
Beverly Hills Cop: A...jAcos — 17:22
TV Series
Matlock Kathy Bat...jAcos — 17:16
F-Secure 19.4
What's new in the ...harlan4096 — 09:44

[-]
Birthdays
Today's Birthdays
avatar (42)techlignub
avatar (41)Stevenmam
avatar (48)onlinbah
Upcoming Birthdays
avatar (43)wapedDow
avatar (49)steakelask
avatar (43)Termoplenka
avatar (41)bycoPaist
avatar (47)pieloKat
avatar (41)ilyagNeexy
avatar (49)donitascene
avatar (49)Toligo

[-]
Online Staff
There are no staff members currently online.

>