
Vulnerable apps on Google Play put millions of users at risk of an attack

Another day, another Android vulnerability discovered. Researchers at the University of Michigan have discovered more than 400 apps that are vulnerable to open port malware attacks. All of the apps are found on Google Play, and many of them have tens of millions of installs so far.

In other words, millions of Android users are currently at risk of an attack — though we don’t yet know if anyone has been affected as a result of the vulnerability.

To identify the vulnerable apps, researchers used a custom tool to analyze hundreds of thousands of apps on the Google Play Store. As a result of the analysis, 410 apps were identified as vulnerable to open port attacks. In those apps, there were just shy of a thousand total exploits. Which apps are affected is not yet known, but the researchers indicate that the vulnerabilities have been reported to developers, which means most, if not all, of the vulnerabilities will be patched in the near future.

So what exactly is an open port attack? Put simply, an open port is a tiny vulnerability in the app's code that acts like a crack in a wall, allowing hackers to get in, gain access to user data, and eventually remotely install malware onto the phone.

Unfortunately, we may never know exactly what apps are affected and how to protect ourselves in this specific case, but there are always a few things you can do to minimize your risk of being hacked. For example, never download apps that aren’t from the Google Play Store. Not all apps are safe — but at least you won’t be downloading apps with malware in the code. You should also generally stick to well-known developers on the Google Play Store, as they’ll often be more serious about developing safe apps.

Christian de Looper