A security flaw in Android’s code that potentially put millions of devices at risk has been revealed to have been harmlessly exploited by at least two apps which were freely available in the Google Play store.
The apps, Rose Wedding Cake game and Pirates Island Mahjong have had between 5000-10000 and 10000-50000 installs respectively. The offending apps were identified by Bitdefender, an antivirus software as reported on the HotforSecurity blog. Bitdefender explained that the apps ‘are not running malicious code ‘ they are merely exposing the Android bug to overwrite an image file in the package, most likely by mistake. In contrast, malicious exploitation of this flaw focuses on replacing application code.’
While the apps themselves pose no threat it is a source of concern that there were able to make it onto the Play store without throwing up any red flags with Google staff. The new patch released by Google in light of the weakness being identified prevents the potentially harmful apps from being installed.