Microsoft’s security research team has raised concerns about certain apps on the Google Play Store that could compromise the security of Android smartphones, affecting a staggering 4 billion users.
In a recent blog post, Microsoft’s Threat Intelligence Team revealed that they discovered vulnerabilities in several applications on the Google Play Store, collectively accounting for over four billion installations. The team warned that similar vulnerability patterns might exist in other apps as well.
Microsoft highlighted two prominent apps, Xiaomi’s File Manager with over 1 billion installs, and WPS Office with over 500 million installs. After notifying Xiaomi, the company swiftly addressed the security issue. Similarly, WPS Office also updated its app to fix the flaw. Despite the fixes being implemented in February, users are advised to update these apps immediately if they have them installed on their Android devices.
The security threat posed by these apps involves the potential for malicious software to alter server settings, enabling communication with attacker-controlled servers. This could lead to the transmission of sensitive user information such as authentication tokens.
Microsoft emphasized the importance of keeping mobile applications updated through trusted sources like the Google Play Store. Users are urged to install applications only from trusted sources to mitigate the risk of malicious apps.
Microsoft shared its findings with Google’s Android Application Security Research team, collaborating to guide developers in recognizing and avoiding such vulnerabilities. The company stressed the need for ongoing collaboration among security researchers, vendors, and the broader security community to improve overall security across platforms.
By staying vigilant and prioritizing security updates, users can help safeguard their devices against evolving threats in the digital landscape.