Until recently, Google’s namesake Android app, which more than five billion installs to date, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim’s device.
Sergey Toshin, founder of mobile app security startup Oversecured, said in a blog post that the vulnerability has to do with how the Google app relies on code that is not bundled with the app itself. Many Android apps, including the Google app, reduce their download size and the storage space needed to run by relying on code libraries that are already installed on Android phones.
But the flaw in the Google app’s code meant it could
→ Continue reading at TechCrunch