Fourteen apps, which combined represent an estimated 80 million downloads, have serious flaws in the way they handle social logins, according to an analysis by AppBugs.
AppBugs, which makes an app for tracking security vulnerabilities, found the problems in a variety of Android apps, all of which use social logins — in which you log in to the app using your Google, Microsoft, Facebook, Twitter, or similar accounts.
Indicated problems are due to flaws in the way the apps handle SSL certificates, which web servers use to verify their identities. The flaws make it possible for an attacker to use a forged SSL certificate, enabling their own server to receive the users’ login credentials.
Here is the list of problem apps found by AppBugs. For more details, see AppBug’s page on social plugin vulnerabilities in mobile apps, which includes videos demonstrating each vulnerability.
- MeituPic
- Astro File Manager with Cloud
- gReader
- Windows Live Hotmail Push Mail
- JustUnFollow
- Brother iPrint & Scan
- Software Data Cable
- FriendCaster Chat
- PrintHand Mobile Print
- Phone for Google Voice & GTalk
- Instachat
- InstaMessage
- InstaG
- FoxIt MobilePDF