Over 300 Cryptographic Errors Found In Popular Android Apps

The CRYLOGGER tool was used to test 1,780 Android applications. The most popular applications were evaluated in September and October 2019 by scientists at Columbia University.

The researchers said the tool, which tested 26 core cryptography rules, found bugs in 306 Android apps. Some apps break one rule, while others break several.

The top three most violated rules include:

  • Rule #18 - 1775 applications: do not use an unsafe PRNG (pseudo-random number generator);
  • Rule #1 - 1764 applications: do not use broken hash functions (SHA1, MD2, MD5, etc.);
  • Rule #4 - 1,076 applications: do not use the CBC mode of operation (client/server scenarios).
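The three rules listed above, written as checks over a log of crypto API calls and tallied per rule the way the list reports them. This is an added example, not CRYLOGGER's code or log format: the record layout, the function names and the sample logs are assumptions, and the CBC check flags every CBC use without judging the client/server context.

```python
# Added example: flags the three rules listed above in a constructed call log
# and counts violating apps per rule. Record layout and names are assumptions,
# not CRYLOGGER's log format.
from collections import Counter

BROKEN_HASHES = {"SHA1", "MD2", "MD5"}   # hashes named in rule 1
UNSAFE_PRNGS = {"java.util.Random"}      # non-cryptographic PRNG, rule 18

def check_call(api, arg):
    """Return the rule number one logged call violates, or None."""
    if api == "MessageDigest.getInstance":
        # 'SHA-1', 'sha1' and 'SHA1' name the same algorithm.
        if arg.replace("-", "").upper() in BROKEN_HASHES:
            return 1
    elif api == "Cipher.getInstance":
        # JCA transformations look like 'AES/CBC/PKCS5Padding'.
        parts = arg.upper().split("/")
        if len(parts) >= 2 and parts[1] == "CBC":
            return 4
    elif api == "new" and arg in UNSAFE_PRNGS:
        return 18
    return None

def violated_rules(log):
    """Set of rule numbers violated by one app's call log."""
    return {r for r in (check_call(api, arg) for api, arg in log) if r is not None}

def apps_per_rule(logs_by_app):
    """Count, per rule, how many apps violate it at least once."""
    counts = Counter()
    for log in logs_by_app.values():
        counts.update(violated_rules(log))
    return dict(counts)

# Constructed logs for two hypothetical apps.
SAMPLE = {
    "app_a": [("MessageDigest.getInstance", "SHA-1"),
              ("MessageDigest.getInstance", "md5"),
              ("Cipher.getInstance", "AES/CBC/PKCS5Padding"),
              ("new", "java.util.Random")],
    "app_b": [("MessageDigest.getInstance", "SHA-256"),
              ("Cipher.getInstance", "AES/GCM/NoPadding"),
              ("new", "java.security.SecureRandom"),
              ("new", "java.util.Random")],
}

if __name__ == "__main__":
    print(apps_per_rule(SAMPLE))
```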

These are basic rules that any cryptographer knows well, but ones that some application developers might not be aware of without having studied Application Security (AppSec) or Advanced Cryptography before entering the realm of application development.

After testing, Columbia University scientists said they also contacted all 306 Android app developers that were found to be vulnerable.

“All applications are popular: they have from hundreds of thousands of downloads to over 100 million,” the research team said. “Unfortunately, only 18 developers responded to our first email request, and only 8 of them responded to us repeatedly, giving us useful feedback on our results.”

Since none of the developers have fixed their applications and libraries, the researchers refrained from publishing the names of vulnerable applications and libraries, citing possible exploitation attempts against users of the applications.
