According to the security company for mobile apps, the private data of Google users was oversecured via the Google app on the phones of Android users and vulnerable to cyberattacks.
Google acknowledged the vulnerability and said it rolled out a solution to the problem last month.
Oversecured said Thursday it discovered issues with the Google app code while it was working to secure preinstalled apps on Android devices.
The problem with Google’s code made the data in its app accessible to cyberattacks, including user search history, Gmail emails, contacts, call history, access to read and send messages, and much more.
“The attacker’s app only had to be started once for this attack to be successful,” says Oversecured on his blog. “After that, even if the app was removed, the malicious functionality would still exist independently in the Google app. In addition, the attack did not require consent or notification from the user. “
Google said that its Google Play Protect product detects and blocks such malicious apps, and the company is unaware that cyberattacks are exploiting the vulnerability.
The company also announced that it had delivered its fix to users in early May and announced Oversecured’s participation in its Vulnerability Rewards Program, which provides financial incentives for security researchers to uncover issues in Google products.
“We are grateful for the participation of Oversecured and the broader security community in these programs,” a Google spokesman said in a statement. “We rolled out a fix to our users more than a month ago and saw no signs of exploitation.”