Part 1: Open Ports on Android Apps
In April 2017, researchers from the University of Michigan released a whitepaper titled “Open Doors for Bob and Mallory: Open Port Usage in Android Apps and Security Implications”. The paper described how Android applications can open ports on devices, exposing the app and its data to network attackers. As noted in the paper, mobile applications can open ports on Android devices for legitimate purposes, such as transferring files from one phone to another. Unfortunately, if proper security controls are not implemented on these open ports, network attackers can exploit weaknesses and gain access to both app and device data. In the study, 6.8% of the 24,000 apps that were scanned were exposing open ports on the network.
Data Theorem performed a full scan of Google Play and identified several more apps that were opening external ports on the mobile device. Please note that an open port does not mean the app is exploitable: the app must also have one of the 5+ security vulnerabilities associated with open ports, as described in the paper. Nonetheless, if you wish to see whether your apps are exposed to this issue, visit our free/no-nonsense service called “Protection from the Wall of Shame”, which will allow you to verify if one or all of your apps on Google Play are vulnerable.
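To check a test device for the exposure described above, the following added example (not code from the paper or from Data Theorem) parses `/proc/net/tcp` output and lists listening sockets that belong to app UIDs and are bound to a non-loopback address. It assumes IPv4 only, a little-endian device, and that app UIDs start at 10000; the sample table is constructed. A listed socket is a starting point for review, not proof of a vulnerability.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = 0x0A       # kernel TCP state value for a listening socket
FIRST_APP_UID = 10000   # assumption: installed Android apps get UIDs from 10000 up

# Constructed sample in /proc/net/tcp format (for example, saved from
# `adb shell cat /proc/net/tcp` on a device you are testing).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 40001
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10150        0 40002
   2: 0501A8C0:A1B2 5E01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40003
   3: 0501A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40004
"""

def decode_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP': IPv4 stored little-endian, port in hex."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def exposed_app_listeners(proc_net_tcp):
    """Return app-owned listening sockets reachable from outside the device."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                                  # malformed or truncated row
        if int(fields[3], 16) != TCP_LISTEN:
            continue                                  # only listening sockets
        uid = int(fields[7])
        if uid < FIRST_APP_UID:
            continue                                  # system daemons, not apps
        ip, port = decode_addr(fields[1])
        if ipaddress.ip_address(ip).is_loopback:
            continue                                  # bound to 127.0.0.0/8 only
        findings.append({"uid": uid, "ip": ip, "port": port})
    return findings

if __name__ == "__main__":
    for f in exposed_app_listeners(SAMPLE):
        print(f"uid {f['uid']} listens on {f['ip']}:{f['port']}")
```

On a real device, the UID can be mapped back to a package name to identify which app owns the port.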