Attention! Google Instant Apps need to improve their cybersecurity. For example, mobile password managers can be tricked by imposter apps into handing over users’ passwords.
This is possible because of the Android Instant Apps feature, which is designed to ask for, and receive, stored credentials from password managers.
The Instant Apps feature is designed to let the user try out portions of an Android app without fully downloading it, but the problem is that Android does not properly distinguish Instant Apps from fully installed apps.
Be aware! Many popular Android password managers fall for this flaw and can leak your credentials.
Remember, everything is hackable. To stay away from any threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS the device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking.
This means that the Instant App can be hacker-controlled, and it is possible to trick password managers into auto-filling credentials for a hacker-chosen website without even requiring the installation of an additional app.
This kind of tactic can lead to an end-to-end phishing attack by luring the victim into visiting a malicious webpage, such as a fake Facebook page. Cybersecurity researchers say that even just a fake ‘like’ button can be used to steal your credentials, and neither the user nor the password manager would be aware they had been conned.
This is very worrying because it is the first attack that does not need a malicious app already installed on the phone and does not even require the user to enter the credentials.
In the end, the solution to the issue lies in Google’s hands: they need to develop a more reliable and secure method for password tools to verify that the apps asking for credentials are who they say they are.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.