Over the past several months security researchers have found serious vulnerabilities in many mobile advertising libraries that could be exploited to abuse the permissions of Android apps or to execute unauthorized code on users' devices. The risks resulting from those vulnerabilities would be significantly lower if those libraries would use HTTPS, security researchers said.
If, for example, an app using a vulnerable ad library has permission to access the Android device's camera, then a remote attacker could exploit this issue to take photos or record video over the Internet without the user's consent, the FireEye researchers said.
"Our analysis shows that, currently, at least 47 percent of the top 40 ad libraries have this vulnerability in at least one of their versions that are in active use by popular apps on Google Play," the FireEye researchers said.
Sign up for MIS Asia eNewsletters.