Some Android app APIs have been putting users at risk
Rather worryingly, an analysis of 600 Android apps, which are available on the Google Play Store has found that around 50% of all the apps examined were leaking the API keys of three of the most popular email marketing service apps.
An API or application programming interface is what allows apps and services to better integrate their work with third-party sites and services so that they can work seamlessly together with all the work going on in the background. Unfortunately, here, the types of apps that are leaking are some of the worst you could imagine for this type of breach to occur with. They are the types of apps that online companies and services use to collect customer contact details and manage outbound marketing campaigns meaning there is a lot of vulnerable data flowing through the API keys.
The analysis by contextual AI cybersecurity specialists CloudSEK used the company’s BeVigil security search engine to investigate the 600 Google Play Store apps. It found that Mailchimp, Sendgrid, and Mailgun API keys were being leaked by roughly half of all the apps, allowing sensitive data to pass to malicious third parties that could see user security compromised and place them more at risk of being targeted by online scammers.
To drive home the seriousness of the issue, the affected apps have already been downloaded 54 million, with each of them now at risk of having any and all details leaked via the API keys. According to CloudSek, the breach could enable malicious actors to read emails, steal customer data, access email lists, and even run email marketing campaigns as representatives of the compromised businesses. This last one means that users who are exposed in this way will be particularly vulnerable to sophisticated phishing campaigns that would be incredibly difficult to spot.
It is shocking, to say the least, that such a huge number of vulnerable apps have made it onto the Google Play Store and that prominent services are seeing their APIs so easily breached in this manner. As ever, with phishing scams on the rise these days, we will point you to this helpful infographic for spotting scam emails and phishing scams, which is full of tips to help you stay safe from these popular types of scams.
Other way: don’t install that crappy AV!
I had GOM player slip this in on an update.
Hi! You can also find detailed instructions here: http://www.avg.com/ww-en/secure-search-uninstall I hope it helps. Thanks.
if anyone actually took the time to read through their earnings statement would understand the importance of the toolbar, it’s a cash cow, and can’t blame them for pushing it to uninformed users.
it’s not a company to bet on when it’s driven mostly by short term revenue rather than innovation…
The sitesafety plugin is spyware which cannot be removed from your browser EVER. I have uninstalled the toolbar, and made the error if saying “Yes, keep sitesafety for secure web searches” which means FOREVER. I have deleted all files pointing to AVG, because they will no longer uninstall through control panel add/remove. “Could not uninstall at this time try again later” I don’t want to DISABLE it I want it GONE. But it keeps regenerating. AVG Secure Search directory keeps coming back to life in my Programs Folder, even though I removed everything called AVG in document and settings profiles for administrator, all users, myself, default users, it keeps coming back. It keeps UPDATING with Firefox’s update plugin option, so I am unable to auto update my other VALID plugins due to that one being auto updated and reinstalling everything too. NEVER USE AVG for anything, THEY refuse to help remove it too. They say it is something I must have done. YES, I made the mistake of clicking “Yes, keep avg secure search while removing the toolbar” I have read elsewhere that this IS THE KILLER DECISION. It makes removing secure search impossible.
I cannot seem to block AVG security search toolbar from reinstalling. Whether I use windows uninstall or Revo, I get “Could not uninstall at this time try again later. Revo does show all the files it thinks are related to AVG secure search toolbar, which are scattered throughout my drive, and I select all and delete. The next day I get a new task-bar pop up asking to activate, I decline, but look in the programs and there is AVG secure search listed again!!! I tried in Chrome to block any cookies from AVG, [*.]avg.com, Blocked, under privacy setting. Any thoughts. I also have Symantec endpoint protection but it has no clue this is going on. Any ideas?
“So what’s the purpose of the toolbar? It ships with a link scanner that displays security information about websites. This is similar to what Web of Trust does. The toolbar itself offers search, weather information, a link to a speedtest and other features that are not really related to security.” Relevant security information about known/unknown websites; a SMALL matter you omitted. Similar to Web of Trust but not the same; another omission In math terms no equal. No, these features are not related to security but are securely offered. Correct me on the last point if I am wrong. I will ask AVG as I conclude with our conversation. “Martin Brinkmann… He is passionate about all things tech and knows the Internet and computers like the back of his hand.” Yea, sure. And at my age I am just to believe it “because I read it on the Internet.” What? Did you write this yourself, Martin? Not ALL of us fall for the same old lame lines. Superior products come from Germany as do Sweden. AVG will tell anyone, for free, how to uninstall their free product line. How would I know? I asked them! Oh, but pardon me. My day and age has passed; you “blogger’s” know everything know adays. Asking a company is tantamount to stupid these days for you young people. I would suppose you consider all the times AVG Safe Search and Surf Shield saved a computer one time as to all the other useless apps out there that freeze a computer to be the main danger to the computer. And we are talking computers, Mr Brinkmann, as a cell phone is a computer with the ability to make a call. Verses a true mobile phone back in my day. Well, you have better things to blog about than an old man like me. In the end, sir, the problem IS the end user and not a company who builds free products for those who know not how to employ them. Try writing about the ineptitude of the end-user. After all if everyone knew their computers OS and how to…… Well, safe to say, Mr. Brinkmann, your work shall never end.
All I have left on my pc is AVG secure search. When I try the normal Uninstall page of Control Panel, it just hangs and I end up having to restart. The longest we have left it is 4 hours. I have also tried Revo, as another forum swears by it. Same problem.
Even the AVG site gives you both the Unistall option (that doesn’t work) and the Add Ons option (I use Firefox). Neither work at all.
Whatever I do, it just hangs. I cant get rid of it. Please help.
AVG CRAP can be easily removed with FILE UNLOCKER, COMPLETELY REMOVED! After
removing AVG CRAP, restore IE by downloading Microsofts IE repair software. PRESTO – NO
MORE AVG BULLSHIT or lame Indian tech support asking for payment to remove their own
garbage. AVG installs if you download winzip7 from softpedia, and system information wizard from other download sites.
I removed all instances of vprot.exe from my registry and startup (run). I then removed everything under “C:\Program Files (x86)\AVG Secure Search”. Then I edited the properties of the “AVG Secure Search” directory, removing inheritance and leaving my account as having the only access and finally, I denied my accounts right to traverse folder/execute file. After a several reboots for good measure, I am having no problem.
Since the directory exists, AVG can’t create it and the system has no rights to the one that exists, so whatever process keeps reinstalling it, is shutdown cold.