Google has always characterized the Google Play Store not only as an Android app store, but also as a reliable and secure source of apps. However, this security is only as strong as the Google Play services themselves, and when the code behind it becomes vulnerable, everything can easily crash. Unfortunately, although Google has recently closed a security vulnerability in the Google Play Core Library, application developers are not doing their part, putting their own apps and users at risk.

As the name suggests, Google Play Core Library is one of the most essential components of Google mobile services that Android apps can use to facilitate the lives of developers and users. It provides functionality such as downloading additional languages, assets or features without the need to update the app from the Google Play Store. Almost all Android apps in the Play Store use these functions, making it an essential part of any Android app in the Core Library.

Unfortunately, a serious flaw in the Core Library took advantage of this functionality to make the library actually execute malicious code. Check Point Research provides detailed information on how the exploit works. He notes that this is a pretty scary vulnerability if not addressed. Fortunately, Google had already patched the Play Core Library last April, before the vulnerability was made public in August.

However, security researchers caution that application developers are still not updating to this latest version of the Google Play Core Library. Unlike server fixes where Google does all the work on its own side, such fixes must be implemented by application developers by updating their applications to use the fixed version of the library. They estimate that 13 percent of the apps on the Google Play Store do not yet support the latest Core Library version, according to the latest count.

This basically means that applications and users are still vulnerable to this vulnerability, which is currently known to both security experts and hackers. Some developers responded to Check Point’s report and updated their applications; however, some popular apps, including Microsoft Edge and Cyberlink PowerDirector, still haven’t made this update.

Update: According to the information from the Moovit application, which was stated that the news has not been updated yet, a correction has already been made. The news was organized according to this statement.



