A team of US researchers has developed a tool that can find cryptographic bugs in Android apps. Using the tool, they discovered crypto bugs in 306 popular Android applications.
Named ‘CRYLOGGER’, the custom tool was used to test 1,780 Android apps across 33 different Google Play Store categories, ZDNet reported on Tuesday.
The research team from Columbia University found crypto bugs in 306 popular Android apps and none was patched.
“Only 18 of 306 app developers replied to the research team and only eight engaged with the team after the first email,” the report said, quoting the researchers.
“All the apps are popular: they have from hundreds of thousands of downloads to more than 100 million,” the research team was quoted as saying.
While some crypto bugs were in the apps’ own code, some common vulnerabilities were introduced by Java libraries bundled with the apps.
“Since none of the developers fixed their apps and libraries, researchers refrained from publishing the names of the vulnerable apps and libraries, citing possible exploitation attempts against the apps’ users.”
The new tool, said the researchers, can be used by Android developers as a complementary utility to CryptoGuard.
Just like CryptoGuard, CRYLOGGER’s code is also available as open source on GitHub.