Android apps

A cross-site scripting (XSS) vulnerability exists in the browser version of AirDroid, a cloud management application for Google’s Android phones. According to an alert from the US-Computer Emergency Readiness Team (US-CERT), at the current time, there is no patch planned and there is no logical workaround.

Phony, potentially malicious apps are continuing to make their way into Google’s Play marketplace, triggering debate over whether applications are being properly vetted for adhering to the company’s marketplace policies.Developers at the Root Uninstaller Team have called out another app publisher, Team DROID, for copying their work after duplicate, “hacked” versions of Root Uninstaller’s apps have popped up in Google’s Play market over the past few weeks.

A South Korean security provider says it’s uncovered popular Android apps that want more information than is required, putting users at risk.AhnLab, Inc., headquartered in Seoul, analyzed 178 of the best-rated Android applications using its cloud-based app security analysis tool, ranking each app on a scale of 1 to 100 in degree of risk. Any app receiving 60 or above was classified as malicious across five different access categories: personal information, service information, location information, service charging and device information.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.