Tuesday, January 18, 2022

Aptoide’s hack reminds us why unofficial Android App Stores are not safe

If you have an Aptoide account, you should be worried. A hacker has today leaked the details of 20 Million users of the third-party Android Store. The hacker, according to ZDNet, claims to have over 39 Million records that they say were obtained from a successful hack earlier this month.

So if you registered an account with Aptoide between July 21, 2016, and January 28, 2018, you may be among the millions whose private data has been exposed online. The hacker, however, didn’t manage to get real user passwords, only hashed passwords, so if you use one password across multiple accounts you’re safe. But that shouldn’t be good news because, unfortunately, the important details leaked include:

  • Email addresses
  • IP addresses used during sign-up
  • Sign-up date
  • Device details
  • Date of birth (if provided), and worst of all
  • Real names

All this data is available for download online in a PostgreSQL export file, as of the time of ZDNet’s reporting. As always though, once something goes online there’s no way to control where it goes, who can access it, and how far it can be manipulated.

The dilemma of Stores:

Aptoide and other unofficial third-party stores have millions of users accessing them in the hopes of finding apps they can’t find on official stores. For example, if there’s an app you want and it is geo-restricted or it doesn’t meet Google Play Store requirements, you will need to use a third-party app store to download the APK and install it.

Also, devices that don’t have Google Play Services rely on such unofficial third-party app stores to download apps because they can’t access the Google Play Store, and sometimes the officially recommended stores don’t have all the apps needed. For example, currently, Huawei’s App Gallery doesn’t have all the apps one needs. So if you have an HMS device that doesn’t support Google, you’ll need to find an alternative to App Gallery to get more apps.

The thing is, not every app can be available through one official store. Or two official stores. Android is open-source, and limiting distribution kills the idea. Having many stores is good. It ensures variety, and it promotes development and competition. But it also exposes users to malware and potential hacks, as in the case of Aptoide.

Official App Stores like Google Play Store, Huawei’s App Gallery, and Samsung’s Galaxy Store all have good security, and can be relied upon not to be hackable and to handle the spread of malware easily. However, they don’t have and will never have all the apps every user needs, and that’s why people use these unofficial third parties.

Third-party app stores, on the other hand, don’t have enough resources to be able to build good security. They also cannot be trusted in terms of being able to check for malware on all apps they host.

Back in October of 2018, you may remember Aptoide accused Google of using the Play Protect feature to uninstall their app from Android devices. Google was then seen as a jealous competitor kicking a rising star. The case that went to an EU Court forced Google to stop removing the app without users’ knowledge. I don’t know what the argument will be now with the news of Aptoide’s hack.


Dickson Otieno, https://tech-ish.com