Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    Google’s Industry Rivals Report Security Issues on Play Store, Chrome

    Written by

    Jaikumar Vijayan
    Published October 19, 2017
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Google’s penchant for publicly calling out the security failures of other vendors has recently come back to haunt it as two IT industry rivals have sounded the alarm about two of the search giant’s Online services.

      This week Symantec and Microsoft—companies that Google has previously cited for security vulnerabilities—issued their own disclosures to make about problems they discovered on Google’s products and services.

      In a blog Oct. 18 Symantec said it had found at least eight Android applications on Google Play that were infected with a malware dubbed Sockbot that is designed to add compromised systems to a botnet.

      The applications purported to help users modify the appearance of characters in the Minecraft Pocket Edition video game. But when users downloaded the apps, it would silently connect to a remote malicious server and add the device to a botnet that among other things could be used to launch distributed denial of service attacks, the security vendor said.

      Between 600,000 and 2.6 million users primarily in the United States and to a lesser extent in Russia, Germany, Brazil and Ukraine may have downloaded the malware on their devices, the security vendor said. Google has removed the applications after Symantec informed the company about the issue.

      The disclosure is the latest in a string of similar warnings that multiple security vendors have issued just this year about malware on Google’s supposedly secure mobile app store.

      In September, Check Point and Trend Micro issued separate advisories about finding dozens of Android applications on Google Play that were infected with different kinds of malware. Zscaler and PhishLabs made similar disclosures in April, Palo Alto Networks, did the same in March and Check Point in May.

      Google has touted several measures it has implemented to detect and block malicious applications on Google Play and to prevent them from running on Android devices. But the continuing ability of threat actors to get their malware on Google’s app store and infect millions of Android devices suggests the company’s work in this regard is still in progress.

      In what appears to be a new attempt to address the issue, Google on Oct. 19 announced a bug bounty program that will reward selected security researchers up to $1,000 for finding certain types of vulnerabilities in Android apps.

      The “Google Play Security Reward Program” is designed to motivate security research into popular Android apps on Google Play, the company announced Thursday. The developers of popular Android applications on Google Play are being asked to opt-in to the program and to allow security researchers to probe their software for certain vulnerabilities. Bug bounty coordinating firm Hacker One will manage the new program.

      Meanwhile, in a separate and lengthy post on the Windows Security Blog Oct. 18, a member of Microsoft’s security team described its discovery of a remote code execution vulnerability in Chrome and chided Google’s handling of the disclosure. “We responsibly disclosed the vulnerability that we discovered along with a reliable [Remote Code Execution] exploit to Google on September 14, 2017,” wrote Jordan Rabet, a member of the Microsoft security team.

      A fix for the problem was available in a beta version of Chrome within four days. But then Google made the source code for the fix publicly available on the GitHub repository even before it had been pushed to Chrome users. “In this specific case, the stable channel of Chrome remained vulnerable for nearly a month after that commit was pushed to [GitHub]. That is more than enough time for an attacker to exploit it,” Rabet said.

      Microsoft and Google have had at least one previous public run-in over bug disclosures. In October 2016 Google security researchers publicly disclosed the details of a zero-day bug in Windows before Microsoft had released a patch for it.

      At the time, Google’s security team said it had decided to do so—after giving Microsoft seven days to fix the issue—because the bug was already being actively exploited. Microsoft had called that decision ‘disappointing’ and criticized Google for not following responsible disclosure policies.

      In an apparent reference to that incident Rabet this week noted: ” Our strategies may differ, but we believe in collaborating across the security industry in order to help protect customers.”

      Jaikumar Vijayan
      Jaikumar Vijayan
      Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.