YIBADA

Prominent Android Apps Still Contain HTTPS Bug

| Jun 22, 2015 08:06 AM EDT

Android

Security researchers recently revealed that more than 100 Android applications were susceptible to hackers. These apps failed to follow the proper implementation of HTTPS encryption on their login interface, while some apps do not adopt the HTTPS encryption at all.

According to Ars Technica, these affected apps were downloaded a total of 200 million times. What is more alarming is that respective developers of these apps were already informed of the perceived vulnerability in their software but failed to patch it.

Some of the major apps included in the list are official apps from the National Basketball Association, supermarket chain Safeway, Match.com dating app and Pizza Hut. The bugs on these apps were discovered by AppBugs, an Android app developer that creates software to detect unsecure apps installed on a device.

AppBugs CEO Rui Want said that the Match.com app does not use HTTPS encryption in sending usernames and passwords making it easy for hackers to acquire confidential information.

On the other hand, the NBA, Pizza Hut and Safeway apps do use HTTPS protocol but does not implement it properly. In this case, a hacker can use man-in-the-middle hacking tactics in order to obtain user information.

The HTTPS flaw is a major bug that affects millions of Android users. In April, researchers from City College of San Francisco flagged more than a dozen of Android apps due to the unpatched HTTPS flaw. The report claimed that the apps were collectively downloaded for more than 200 million times, according to Modern Readers.

The HTTPS flaw was first discovered in 2012 and prompted a massive security update for most apps running in the Android platform. However, the latest discovery revealing that the flaw is still present in some apps proves that some company takes the matter more seriously than others.

Related News

Most Popular

EDITOR'S PICK