Are Secret Keys in Google Play Still an Issue for Users?

It’s much easier and faster for app developers to publish an app on Google Play than on competitor’s app stores, which is why the Play store remains a popular place for the latest apps. Because of this, though, some malicious apps can get through. Thousands of users may download a malicious app before Google is able to remove it from the Play store. To ensure that your device stays protected against malicious apps, you should scan your device for malware after downloading a new app. Use Full Virus Scan to check your phone and SD card for any hidden threats:

A few years ago, one of these security threats included the discovery of secret keys hidden in Android apps. This was a major issue in 2014, and it left many worried about the security of their online accounts and how safe their private information really was. In this instance, it was discovered that many apps stored secret keys (such as password and username data) in their app software, which left users’ data vulnerable. This user data could then be used to steal data from Facebook or Amazon, among other websites. The Airbnb app, for example, left users’ private information exposed, which then revealed connected services such as Google, Yahoo, or LinkedIn.

Back then, Android app developers didn’t have to submit their app for review before publishing their app on Google Play. Now, app developers must have Google approve their app before it can be published. This helps to cut down on malicious and unsafe apps in the Play store — yet that doesn’t mean that the Play store is 100% secure. Hidden malware, such as the Judy malware, is being discovered all the time.

App developers have been strongly advised over the years against storing secret keys in apps because of the security risks involved to themselves and their users. Thus, this issue should no longer be a concern when using major apps downloaded from the Play store. Google has made many efforts over the years to direct developers to remove secret keys from their software. Android also has a Keystore system for developers to use to make their apps more secure for their users. This helps to prevent unauthorized individuals from accessing key data.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.