Are Secret Keys in Google Play Still an Issue for Users?

It’s much easier and faster for app developers to publish an app on Google Play than on competitor’s app stores, which is why the Play store remains a popular place for the latest apps. Because of this, though, some malicious apps can get through. Thousands of users may download a malicious app before Google is able to remove it from the Play store. To ensure that your device stays protected against malicious apps, you should scan your device for malware after downloading a new app. Use Full Virus Scan to check your phone and SD card for any hidden threats:

A few years ago, one of these security threats included the discovery of secret keys hidden in Android apps. This was a major issue in 2014, and it left many worried about the security of their online accounts and how safe their private information really was. In this instance, it was discovered that many apps stored secret keys (such as password and username data) in their app software, which left users’ data vulnerable. This user data could then be used to steal data from Facebook or Amazon, among other websites. The Airbnb app, for example, left users’ private information exposed, which then revealed connected services such as Google, Yahoo, or LinkedIn.

Read More: How to Change Your Default Apps on Android

Back then, Android app developers didn’t have to submit their app for review before publishing their app on Google Play. Now, app developers must have Google approve their app before it can be published. This helps to cut down on malicious and unsafe apps in the Play store — yet that doesn’t mean that the Play store is 100% secure. Hidden malware, such as the Judy malware, is being discovered all the time.

App developers have been strongly advised over the years against storing secret keys in apps because of the security risks involved to themselves and their users. Thus, this issue should no longer be a concern when using major apps downloaded from the Play store. Google has made many efforts over the years to direct developers to remove secret keys from their software. Android also has a Keystore system for developers to use to make their apps more secure for their users. This helps to prevent unauthorized individuals from accessing key data.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Does Your Phone Listen to You for Ads? Myth vs. Reality

That feeling that your phone is “listening” is common, but the explanation usually has less…

57 years ago

Why Updating Android Helps Protect Your Phone, Even When Nothing Looks Different

Have you ever put off an Android update because you figured nothing would really change…

57 years ago

Your Phone Knows Where You’ve Been. Here’s Why That Matters More Than Ever

Do you know how many places your phone can remember from just one ordinary week?…

57 years ago

Does Changing Your Password Every Week Make Your Account Safer? Myth or Fact

You’ve probably heard that changing your password every week is a smart way to keep…

57 years ago

What Happens When You Tap “Allow” on an Android App?

You install a new app, open it for the first time, and the screen pops…

57 years ago

5-Minute Monthly Phone Check: What to Review on Android

You unlock your phone to answer a quick text and, without even noticing it, pass…

57 years ago