An academic study found hidden access mechanisms, such as secret access keys, master passwords and secret commands, in 12,706 Android applications. The researchers state that these secret backdoors could give attackers unauthorized access.
According to a comprehensive academic study published this week, 12,706 Android apps exhibit behaviors similar to hidden backdoor access, such as secret access keys, master passwords, and secret commands. Academics from the US and Europe developed a tool called InputScope to detect these backdoors in their research. The tool was used to analyze login form fields in more than 150,000 Android apps.
To take a closer look, the scientists studied 100,000 apps from the Play Store (selected by number of downloads), the 20,000 most popular apps from third-party stores, and over 30,000 apps installed on Samsung devices. The research team described the findings as alarming: a total of 12,706 applications provide various types of backdoor access.
Open door to attackers
The researchers emphasize that these hidden backdoor mechanisms can allow attackers to gain unauthorized access to phone users’ accounts. Moreover, if an attacker has physical access to a device on which one of these applications is installed, the attacker can either access the phone or privately run code on the device via a command hidden in the application’s input field.
The researchers cite the example of a popular remote access application with over 10 million downloads. The master password in this application can unlock access even if the user has restricted access after losing the phone. Likewise, a popular screen lock app has an access key that will randomly reset users’ passwords to unlock the screen and log in to the system.
In another example, an access key allows access to the administrative interface of a popular broadcast application. With it, an attacker can reconfigure the application and unlock additional functions. Finally, a secret key that bypasses the paid membership was discovered in a popular translation application.
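As an added illustration (not code from the study, and not a description of how InputScope itself works), the following Python example shows one audit heuristic for this class of flaw: it flags places in decompiled Java source where a value read from an input field is compared against a hardcoded string. The sample source, its variable names and the secret strings are constructed for the example.

```python
import re

# Constructed sample: decompiled-style Java from a hypothetical lock-screen app.
SAMPLE = '''\
String pin = pinField.getText().toString();
if (pin.equals(storedPin)) { unlock(); }
if (pin.equals("8812#master")) { unlock(); }
String cmd = searchBox.getText().toString().trim();
if ("*#debug#*".equalsIgnoreCase(cmd)) { openAdminPanel(); }
if (title.equals("Settings")) { highlight(); }
'''

# A variable assigned from a UI text field, e.g. `x = field.getText()...`
INPUT_SRC = re.compile(r'(\w+)\s*=\s*\w+\.getText\(\)')
# A Java string literal, capturing its contents
LIT = r'"((?:[^"\\]|\\.)*)"'
CMP = r'\.(?:equalsIgnoreCase|contentEquals|equals)\(\s*'
# var.equals("literal") and "literal".equals(var)
VAR_FIRST = re.compile(r'\b(\w+)' + CMP + LIT + r'\s*\)')
LIT_FIRST = re.compile(LIT + CMP + r'(\w+)\s*\)')


def find_hardcoded_input_checks(source):
    """Return (line, variable, literal) for each comparison of a
    user-input variable against a hardcoded string literal."""
    tainted = set()   # variables known to hold text-field input
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        src = INPUT_SRC.search(line)
        if src:
            tainted.add(src.group(1))
        for m in VAR_FIRST.finditer(line):
            if m.group(1) in tainted:
                findings.append((lineno, m.group(1), m.group(2)))
        for m in LIT_FIRST.finditer(line):
            if m.group(2) in tainted:
                findings.append((lineno, m.group(2), m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, var, literal in find_hardcoded_input_checks(SAMPLE):
        print(f"line {lineno}: input '{var}' compared to hardcoded {literal!r}")
```

The comparison against `storedPin` and the comparison on the non-input variable `title` are not reported; only checks of user input against embedded constants are, and each hit still needs manual review to decide whether it is a backdoor or a benign check.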
The researchers state that they detected such backdoors in 6,800 applications available on the Play Store. Among the applications installed on Samsung devices, the number is 4,800. The researchers said they notified all developers whose apps had this problem, but did not hear back from some of them.
In addition, 4,028 Android applications were found to contain bad word filters or blacklists created for political reasons.