Millions of Android users at security risk due to Google Play Store bug: Report

Some popular dating, travel and video calling apps on the Google Play Store are vulnerable to a known bug, CVE-2020-8913, which threat actors can exploit to inject malicious code into them and steal personal information or spy on users, researchers at Check Point found.

Check Point believes that hundreds of millions of Android users are still at significant security risk because of it.

Though Google patched the bug in April and rated its severity 8.8 out of 10, many app developers are still using the outdated version of the Google Play Core Library (GPC), which is where the bug was found. GPC enables developers to roll out in-app updates and new feature modules in their apps.

In September, researchers at Check Point randomly tested some of the popular Google Play Store apps and found that 13% of them were using GPC and 8% of them were still using the vulnerable version.

Bumble, OkCupid, Grindr, Microsoft Edge, Cisco Teams, Viber and Booking are among the popular apps that were red-flagged by Check Point.

Check Point had notified the app developers about the vulnerability before making their findings public. Viber and Booking were among the first to update to the patched version, they claim.

“This described issue has been identified by our security team a month ago and it was fixed in Viber’s new version,” the company said in a statement to Mint.

“We’re estimating that hundreds of millions of Android users are at security risk. Although Google implemented a patch, many apps are still using outdated Play Core libraries,” Aviran Hazum, manager of Mobile Research at Check Point, said in a statement.

Hazum warns that the vulnerability is highly dangerous: a malicious application can exploit it to steal two-factor authentication codes or inject code into banking applications to steal credentials. Attackers could also inject malicious code into social media apps to spy on users, or into messaging apps to intercept messages.

Though the Google Play Store is considered one of the most trusted app stores in the Android ecosystem, it is far from fully secure. Bugs and apps with hidden malware have been frequently detected and…