Google App Encryption Flaw Left Android Users’ Private Data Vulnerable to Attackers

Google users’ private data was vulnerable to cyberattacks via the Google app on Android phones, according to mobile app security company Oversecured.

Google acknowledged the vulnerability and said it implemented a fix to the problem last month.

Oversecured said Thursday that it discovered problems with Google’s app code while working to protect pre-installed apps on Android devices.

The problem with Google’s code exposed data accessible to its application to cyberattacks, including users’ search history, Gmail mail, contacts, call history, access to read and send messages, and much more.

“The attacker’s application needed to be started only once for this attack to be successful,” Oversecured said on its blog. “After that, even if the app was removed, the malicious functionality would still be present in the Google app independently. Furthermore, the attack did not require the consent or notice of the user.”

Google said its Google Play Protect product detects and blocks such malicious apps and that the company is not aware of cyberattacks exploiting the vulnerability.

The company also said it delivered its solution to users in early May and touted Oversecured’s participation in its Vulnerability Rewards Program, which provides financial incentives for security researchers to discover problems in Google products.

“We are grateful for Oversecured and the participation of the broader security community in these programs,” a Google spokesperson said in a statement. “We implemented a solution for our users more than a month ago and we have not seen any evidence of exploitation.”
