Google’s Android updates, including the recent identity check feature and Android 15, have improved security, but a significant issue remains: permission abuse.
A new report from Leakd highlights alarming security and privacy concerns, particularly within the crypto app category on the Play Store.
The report analyzed 51 popular crypto apps and found many requesting unnecessary permissions, using embedded trackers, and even exposing hardcoded secrets like API keys and authentication tokens.
These vulnerabilities pose serious risks, including data theft, account takeovers, and privacy breaches. Trackers silently collect data, while hardcoded secrets offer attackers easy access to critical systems.
One of the most concerning findings is the excessive number of permissions these apps request. On average, each app asked for nearly 23 permissions, with some requesting as many as 45. This creates a large attack surface, increasing the risk of exploitation.
Recommendations:
- Be Permission-Conscious: Check the permissions apps request before installation. Avoid apps asking for irrelevant permissions.
- Opt for Secure Options: Choose apps with proven security and transparency.
- Use Separate Wallets: Avoid storing large amounts of cryptoassets in apps with questionable security.
The report urges users to limit the number of such apps on their phones and regularly check for sensitive permissions like location, phone, and messaging data access.
Google needs to address these vulnerabilities to make the Play Store a safer platform for users.
