AppLock Android App Used by 100 Million Users is Easily Hackable.

applock-useless-hack

Popular Android app AppLock is used by more than 100 million people. According to the researchers, the app is providing a false sense of security to the users as the app is easily hackable and useless.

Millions of users use the Android applications known as app lockers to protect their pictures, messages, and other files. With these apps, you can lock your contacts, Facebook, gallery, texts, call logs to restrict the unauthorized access. One of the most popular apps named AppLock falls in the same category and it’s #1 app locker in more than 50 countries with more than 100 million users.

This app promises to provide complete security to the users, but the security researchers at SecuriTeam have reported three easily exploitable flaws in the AppLock Android application. According to the security firm, the app exposes user data even when the application is using a PIN.

In the AppLock application, the researchers found 3 vulnerabilities. These vulnerabilities are:

  • The first vulnerability shows that your pictures and videos are not encrypted and they are just hidden from the users. They can be recovered with their original filenames without any root permission.
  • The second vulnerability deals with the root permission and how one can easily remove the PIN code from the app and add it to others. A person can also change the existing PIN.
  • The third and most critical vulnerability talks about the PIN bypass. By exploiting this vulnerability, one can reset the PIN code without root permissions and take full control of the device.

The PIN bypass flaw allows the attacker to intercept HTTP request and responses while trying to recover a lost PIN. This is due to the weak reset PIN mechanism. In this situation, an attacker can reset the password by sending the PIN to his/her own email. Along the same lines, in the app, there is a lack of encryption that allows the attacker to access the files inside AppLock’s SQLite database.

These vulnerabilities and steps to access locked files is shared in details on the SecuriTeam blog.

Do you use AppLock, how is safe are your files? Let us know in comments.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s