Researchers at the University of Michigan have found gaping holes in Android app security. The problem is known as open port backdoors, and even some very popular apps are affected by the problem. The flaw could be used to gain access to your contacts, security credentials, photos and even to take control of your device. Nicole Casal Moore and Steve Crang write for Michigan News:
How to protect yourself
They have some advice for Android users: Update AirDroid to the latest patched version (AirDroid is pre-installed on some devices). Don’t use the default passcodes. Only launch vulnerable open port apps when you need them, and after using them, be sure to exit them fully through the task manager.
“When choosing an app whose functionality is data sharing across devices, proxy/VPN, or enabling the user to control a phone remotely—without physically accessing it—we recommend being extra careful. Consider using only those created by developers with good reputations,” said Yunhan Jia, a doctoral student in computer science and engineering who is involved in the research.
The team identified 410 apps with dangerous insecurities, and 956 different individual ways those insecurities could be exploited. Beyond these figures, they manually confirmed vulnerabilities in 57 applications, including popular file transfer mobile apps with 10-to-50 million downloads. Overall, the number of mobile devices at risk could turn out to be higher, as the researchers continue to investigate how open ports are used in mobile devices.
Read more here.