If you haven’t heard of AirDroid, you should check into it, because it’s an amazing app. You may want to wait a couple of weeks before actually installing it, however, because security firm Zimperium has found a number of critical vulnerabilities in the app that puts anyone who uses it at risk.
Created by Sand Studios, AirDroid is an app that allows you to share messages and files between your phone and your PC, which is fantastic.
The problem is that the app utilizes unsecured channels to send data between the app and their statistics server, which means that any semi-talented hacker could use a man-in-the-middle attack and intercept the data in order to gain access to your login credentials.
Armed with those, they can force an update of the app, injecting malicious code that allows them full control, and suddenly, they have unfettered access to both your phone and your PC where they can cause all manner of mayhem.
Sand Studios has made the short-term recommendation that users simply uninstall the app until a fix can be implemented, and a spokesman for the company estimated that they would have one ready in about two weeks.
This is hardly the first time that an Android app has been found to have a critical security flaw, but thanks to rigorous checking and testing, almost none of the flawed apps are available on the Google Play store.
That’s what makes this case both interesting and noteworthy. The app was thoroughly scanned and checked, and has been available on the Google Play store for months.
In that time, it has developed a robust user base, more than fifty million strong.
Unfortunately, this won’t be the last time we see something like this. The hackers are always on the lookout for any weakness they can exploit. If you are a current AirDroid user, take the company’s advice and uninstall it until they release the patch, or you are putting yourself and your files at risk.