Many Popular Android Applications Contain Outdated Code
Researchers have discovered that several popular Android applications come with obsolete software components that can open the door to security flaws.
It is that while most popular applications tend to receive constant updates, not only to facilitate the user experience or add new features, but also to cover certain security holes, many of these applications come with certain parts of obsolete codes that yes they could leave a gap open for external attacks.
This is exactly what the researchers at the security firm Check Point Research have found. “To verify our hypothesis that long-known known vulnerabilities may persist even in recently published apps on Google Play, we scan them for known patterns associated with vulnerable open source versions,” says the research firm.
Mobile applications often use ready-to-use components, known as libraries, to achieve specific functionality. However, it seems that these libraries of many popular applications on the market, have been outdated for a long time and that can only mean danger to the user
The researchers point out that they found dozens of Android applications such as the Yahoo browser, Facebook, Facebook messenger, Aliexpress, ShareIt and WeChat, which incorporate outdated libraries.
These failures affect the audio and video playback library that can allow an attacker to execute arbitrary code. Following the publication of the report, Facebook has indicated that “people who use Facebook services are not vulnerable to any of the problems highlighted in the Check Point report, due to the design of our systems that use this code”.
Malware targeting mobile devices has not stopped growing, while users keep their mobile phones unprotected. In addition, the attacks are now targeting the Internet of things, a sector with a very low level of security.
In any case that a popular application has an outdated library does not mean that it will be hacked, but it may show that those applications that move millions of dollars do not oversee the entire line of code of their creations.
On the part of the user nothing can be done, simply having always all the applications updated to the latest version, although if you distrust a particular application perhaps the other option you can have is to stop using it.