Google released their 2017 Android Excellence Apps, which are all listed here. We know features are very important to an app’s success, but the words “Excellence” and “Quality” should also cover apps that are good (if not great) at security. Data Theorem scanned all 12 of the apps that Google deems “Excellence Apps” and the results are below:
- 13 Security P1 Issues/Google Play Blockers
  - Issues that allow a remote attacker to exploit private data or security flaws that are supposed to be rejected by Google Play
- 24 High Severity
  - Issues that, if compromised, will expose data that is considered to be regulated Confidential, Sensitive, or Private.
- Over 9% of the issues are sourced from unvetted third-party SDKs or open source libraries
What’s interesting about these apps is that they all handle sensitive user data, including, but not limited to, credit card information, user emails, menstruation cycles, photos, personal spending habits, personal investment portfolios, and TV watching habits. While the loss of your TV viewing habits might be embarrassing, the loss of your credit card information, email, menstruation cycle, personal photos, and investment portfolio is just bad. So why does Google use the word “excellence” without ensuring that the publishers have a good security posture? Well, we know why, but c’mon Google, save the word “Excellence” for apps that care about security too. We are not saying these apps should have zero security issues, as that is unrealistic and not fair, but we do think Google’s own security policy should be enforced on these apps (which it is not).
For more information on any app’s security metrics in Google Play, please contact Data Theorem at any time.