US researchers find crypto bugs in 306 popular Android apps


New York, Sep 8 (IANS): A team of US researchers has developed a tool that can find cryptocurrency bugs in Android apps. Using the tool, they discovered crypto bugs in 306 popular Android applications.

Named 'CRYLOGGER', the custom tool was used to test 1,780 Android apps across 33 different Google Play Store categories, ZDNet reported on Tuesday.

The research team from Columbia University found crypto bugs in 306 popular Android apps and none was patched.

"Only 18 of 306 app developers replied to the research team and only eight engaged with the team after the first email," the report said, quoting the researchers.

"All the apps are popular: they have from hundreds of thousands of downloads to more than 100 million," the research team was quoted as saying.

While some crypto bugs were in the app's code, some common vulnerabilities were introduced as part of Java libraries used as part of the apps.

"Since none of the developers fixed their apps and libraries, researchers refrained from publishing the names of the vulnerable apps and libraries, citing possible exploitation attempts against the apps' users".

The new tool, said the researchers, can be used by Android developers as a complementary utility to CryptoGuard.

Just like CryptoGuard, CRYLOGGER's code is also available on open source repository GitHub.

 

  

Top Stories


Leave a Comment

Title: US researchers find crypto bugs in 306 popular Android apps



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.