Mobile Users At Risk From Lack of HTTPS Use By Mobile Ad Libraries, Security Researchers Say
Recent vulnerabilities found in many advertising SDKs for Android apps could be mitigated by using HTTPS, researchers said
Fri, January 31, 2014
IDG News Service — Over the past several months security researchers have found serious vulnerabilities in many mobile advertising libraries that could be exploited to abuse the permissions of Android apps or to execute unauthorized code on users' devices. The risks resulting from those vulnerabilities would be significantly lower if those libraries would use HTTPS, security researchers said.
If, for example, an app using a vulnerable ad library has permission to access the Android device's camera, then a remote attacker could exploit this issue to take photos or record video over the Internet without the user's consent, the FireEye researchers said.
"Our analysis shows that, currently, at least 47 percent of the top 40 ad libraries have this vulnerability in at least one of their versions that are in active use by popular apps on Google Play," the FireEye researchers said.