According to a recent blog post by Microsoft, several popular Android apps downloaded over 4 billion times could put users at risk. The company discovered a vulnerability in various Android apps that could allow cybercriminals to gain complete control over the app’s functions, and even access sensitive information and the victim’s account.
Microsoft explained that the vulnerability was identified due to an improper implementation of application isolation, which could allow a malicious app to overwrite essential files by tricking another application. The company notified the application developers about the vulnerability and worked with them to fix the issue.
Among the affected apps were Xiaomi’s File Manager, which had over 1 billion downloads, and WPS Office, which was downloaded over 500 million times. However, Microsoft confirmed that the issues with these apps were resolved in February. Users who have installed these apps must ensure their devices have the latest updates.
If an app allows remote file sharing through FTP and SMB protocols, as in the case of Xiaomi’s File Manager, the impact of the vulnerability could extend beyond the user’s device. For this reason, File Manager users are advised to reset their credentials and remain vigilant for any suspicious activity.
Microsoft is concerned that other apps may also have similar vulnerabilities, which have not yet been tested. Therefore, the company hopes its findings will encourage publishers to test their apps for these issues and avoid introducing such vulnerabilities into new apps or versions.
To protect themselves from vulnerabilities like these, Android users are advised to download apps only from trusted sources and keep their apps up to date with the latest versions.