Another day, another Android vulnerability discovered. Researchers at the University of Michigan have discovered more than 400 apps that are vulnerable to open port malware attacks. All of the apps are found on Google Play, and many of them have tens of millions of installs so far.
In other words, millions of Android users are currently at risk of an attack — though we don’t yet know if anyone has been affected as a result of the vulnerability.
To identify the vulnerable apps, researchers used a custom tool to analyze hundreds of thousands of apps on the Google Play Store. As a result of the analysis, 410 apps were identified as vulnerable to open port attacks. In those apps, there were just shy of a thousand total exploits. Which app are affected is not yet known, but the researchers indicate that the vulnerabilities have been reported to developers, which means most, if not all, of the vulnerabilities will be patched in the near future.
So what exactly is an open port attack? Put simply, an open port is a tiny vulnerability in the apps code that acts like a crack in a wall, allowing hackers to get in and gain access to user data and eventually remotely install malware onto the phone.
Unfortunately, we may never know exactly what apps are affected and how to protect ourselves in this specific case, but there are always a few things you can do to minimize your risk of being hacked. For example, never download apps that aren’t from the Google Play Store. Not all apps are safe — but at least you won’t be downloading apps with malware in the code. You should also generally stick to well-known developers on the Google Play Store, as they’ll often be more serious about developing safe apps.
- Does your Mac really need antivirus software? We asked the experts
- How to remove malware and viruses from your Android phone
- Massive iPhone security flaw left millions of phones vulnerable to hacks
- Contact-tracing apps may seem like the coronavirus solution. They’re not
- A beginner’s guide to Tor: How to navigate the underground internet