Some Android app APIs have been putting users at risk
Rather worryingly, an analysis of 600 Android apps, which are available on the Google Play Store has found that around 50% of all the apps examined were leaking the API keys of three of the most popular email marketing service apps.
An API or application programming interface is what allows apps and services to better integrate their work with third-party sites and services so that they can work seamlessly together with all the work going on in the background. Unfortunately, here, the types of apps that are leaking are some of the worst you could imagine for this type of breach to occur with. They are the types of apps that online companies and services use to collect customer contact details and manage outbound marketing campaigns meaning there is a lot of vulnerable data flowing through the API keys.
The analysis by contextual AI cybersecurity specialists CloudSEK used the company’s BeVigil security search engine to investigate the 600 Google Play Store apps. It found that Mailchimp, Sendgrid, and Mailgun API keys were being leaked by roughly half of all the apps, allowing sensitive data to pass to malicious third parties that could see user security compromised and place them more at risk of being targeted by online scammers.
To drive home the seriousness of the issue, the affected apps have already been downloaded 54 million, with each of them now at risk of having any and all details leaked via the API keys. According to CloudSek, the breach could enable malicious actors to read emails, steal customer data, access email lists, and even run email marketing campaigns as representatives of the compromised businesses. This last one means that users who are exposed in this way will be particularly vulnerable to sophisticated phishing campaigns that would be incredibly difficult to spot.
It is shocking, to say the least, that such a huge number of vulnerable apps have made it onto the Google Play Store and that prominent services are seeing their APIs so easily breached in this manner. As ever, with phishing scams on the rise these days, we will point you to this helpful infographic for spotting scam emails and phishing scams, which is full of tips to help you stay safe from these popular types of scams.Advertisement