Apps that make sloppy use of SD cards leave your phone vulnerable to hackers

Apps that make sloppy use of SD cards leave your phone vulnerable to hackers

Android apps that make careless use of external storage (such as SD cards) could leave your phone vulnerable to hackers. AdvertisementYour phone's int

Free video sites to watch and upload videos.
Itel debuts three smartphone on Android™ Oreo™ system [Go-edition]
Qservers Web Hosting Review Plus Coupon Code For 2 Months Free Hosting


Android apps that make careless use of external storage (such as SD cards) could leave your phone vulnerable to hackers.

 
Advertisement

Your phone’s internal storage is carefully managed – each app uses it separately, and it’s protected by the Android sandbox. External storage, like SD cards, is different. It allows data to be shared between apps and doesn’t have the same protection.

 
 

Researchers from Check Point Securitydiscovered that apps that use external storage without proper security precautions leave devices vulnerable to ‘Man-in-the-Disk’ attacks. These could allow a hacker to install malware, prevent legitimate apps from running, and even make apps crash.

 
 

External affairs

A developer might use external storage to make it look as though their app uses less space than it actually does, to make it compatible with older devices, or to provide extra space when the phone’s internal storage isn’t enough.

 

Google provides some basic guidelines for developers who decide to do this:

 
  • Perform input validation when handling data from external storage
  • Do not store executables or class files on external storage
  • External storage files should be signed and cryptographically verified prior to dynamic loading

However, Check Point found several apps in the Google Play Store that ignored these rules, including two of Google’s own tools: Google Translate and Google Voice Typing. Neither of these apps validated the integrity of data from external storage, and the researchers were able to exploit that vulnerability to make them crash.

 

They also discovered that Xiaomi Browser used external storage to store app updates. By replacing the update code, they were able to cause a different app to be installed without permission. Check Point contacted Google, which released a fix shortly after, but XIaomi chose not to act.

 
 

“From experience then, it would seem that mere guidelines are not enough for OS vendors to exonerate themselves of all responsibility for what is designed by app developers,” Check Point said. “Instead, securing the underlying OS is the only long-term solution to protecting against this new attack surface uncovered by our research.”

COMMENTS

WORDPRESS: 31
  • Isaiah Ogbole
  • Blondi

    Thanks for the information

  • Danreuben
  • festuskenny1

    Didn’t know some app affect our sd ooo. I need to be careful now

  • Fadai4all

    One had to be careful

  • Lucky Bari Ndoonu

    Can the SD go for all phone

  • John Igwut

    I really do like dis info
    It’s very helpful

  • Anako144
  • Joel Esemitodje

    What’s going on? I placed request for a withdrawal and I’ve not gotten alert since Saturday. Does this site pay at all?

    • Chikezie Bright

      yes sir.this site pays.
      withdrawals made on sautrdays and sundays would be paid the coming sunday or even saturday
      i assure you
      NAIJAHOW PAYS.

  • Owaseye

    This is a great info

  • Sunday Akabike

    Thanks fir this info

  • FETTY1738

    Thank very much

  • Gab Twee

    Thanks for this

  • Princeenoch

    This information is really helpful

  • aanyy

    Now i know, thanks

  • Gadgetjar

    Nice information

  • Tina Nnedimma Obuasi
  • Abass2018

    Thanks for the information it real goes along way

  • Tope Olanihun

    hmmm…. na wa ooo

  • Nora123

    Nice post
    Really didn’t knw this before now

  • Kayode Olatide
  • Udypatrick

    And I didn’t know all this while… Thanks for the information

  • Teddyola
  • Destin

    Hmm, this is good

  • Akinade Oluwasheyi

    Thanks for this useful info

  • Kemseycollins

    Quite informative

  • sadeex27
  • greatemma

    Thank you admin

  • Naikak Nkanta

    NaijaHow enlightens. Thanks, admin.

  • Adedamola Henry