March 21, 2024 / ANDROID, GOOGLE, OVERSECURED APPS CARE

Oversecured Apps Care. Part 1: Vulnerability disclosure of 225 Google apps

Oversecured Apps Care

At Oversecured, our core mission is to make the Internet safer for everyone. Today, mobile apps are crucial in our daily lives and business operations. However, they are not always 100% safe for users. That’s why we’ve decided to launch our latest initiative, the “Oversecured Apps Care” program: a bi-annual deep dive into the security of widely used Android apps. Our objective is to identify any potential vulnerabilities in these applications to enhance the overall safety of the Android ecosystem, not just to fix security gaps but to reinforce the digital infrastructure that supports lives.

Technologies we used

At the heart of our initiative is the Oversecured vulnerability scanner, a service designed to detect and diagnose potential security flaws. It employs a blend of static (SAST) and dynamic (DAST) analysis methods, enabling a thorough examination of both the code’s structure and its behaviour during execution. Our scanner is constantly evolving and powered by the latest cybersecurity research and technology to stay one step ahead of potential threats.

So, if you’re looking to secure your mobile app, get started with a free 2-week trial of QuickStart. Book a call with our team or contact us to learn more. All your reports are kept private.

The first wave of reports: A Closer Look at Google Apps

Our journey began with scanning over 6,000 applications from more than 1,000 companies, all of whose APK files are readily accessible to the public. Today, we’re ready to unveil our first series of reports, offering a comprehensive vulnerability analysis of 224 Google apps. These findings underscore the critical need for ongoing vigilance and proactive cybersecurity measures to safeguard our digital ecosystem.

An opportunity for security researchers (!)
If you enjoy finding and reporting bugs, we have a great opportunity. Our reports can give you many chances to report vulnerabilities to Google for a reward. We believe in the power of community-driven security efforts, and your expertise could play a pivotal role in fortifying the defences of one of the world’s leading tech companies. You can report identified mobile security issues to Google via this link.

Google app scanning reports

Device fingerprint: google/sdk_gphone64_x86_64/emu64xa:VanillaIceCream/AP31.240119.018/11431403:user/release-keys

| № | Package name | Statistics | Report |
|---|---|---|---|
| 1 | android | 46/320/246 | Link |
| 2 | com.android.backupconfirm | 0/0/0 | Link |
| 3 | com.android.bips | 0/0/5 | Link |
| 4 | com.android.bluetooth | 0/3/0 | Link |
| 5 | com.android.bluetoothmidiservice | 0/0/1 | Link |
| 6 | com.android.bookmarkprovider | 0/0/2 | Link |
| 7 | com.android.calllogbackup | 0/2/1 | Link |
| 8 | com.android.camera2 | 6/11/18 | Link |
| 9 | com.android.cameraextensions | 0/0/2 | Link |
| 10 | com.android.carrierconfig | 0/0/0 | Link |
| 11 | com.android.carrierdefaultapp | 13/10/23 | Link |
| 12 | com.android.cellbroadcastreceiver | 1/4/9 | Link |
| 13 | com.android.certinstaller | 0/17/10 | Link |
| 14 | com.android.chrome | 7/54/110 | Link |
| 15 | com.android.companiondevicemanager | 0/3/0 | Link |
| 16 | com.android.credentialmanager | 0/3/2 | Link |
| 17 | com.android.DeviceAsWebcam | 0/3/3 | Link |
| 18 | com.android.dreams.basic | 0/0/1 | Link |
| 19 | com.android.dynsystem | 0/2/0 | Link |
| 20 | com.android.egg | 0/10/12 | Link |
| 21 | com.android.emergency | 1/5/15 | Link |
| 22 | com.android.emulator.multidisplay | 0/0/3 | Link |
| 23 | com.android.emulator.radio.config | 1/0/2 | Link |
| 24 | com.android.externalstorage | 0/1/2 | Link |
| 25 | com.android.hotwordenrollment.okgoogle | 0/0/1 | Link |
| 26 | com.android.hotwordenrollment.xgoogle | 0/0/1 | Link |
| 27 | com.android.htmlviewer | 3/4/2 | Link |
| 28 | com.android.imsserviceentitlement | 1/9/13 | Link |
| 29 | com.android.inputdevices | 0/0/2 | Link |
| 30 | com.android.intentresolver | 2/9/10 | Link |
| 31 | com.android.keychain | 2/3/6 | Link |
| 32 | com.android.localtransport | 0/0/0 | Link |
| 33 | com.android.location.fused | 0/0/1 | Link |
| 34 | com.android.managedprovisioning | 10/10/25 | Link |
| 35 | com.android.mms.service | 0/6/3 | Link |
| 36 | com.android.mtp | 1/5/4 | Link |
| 37 | com.android.musicfx | 0/6/12 | Link |
| 38 | com.android.nfc | 0/5/8 | Link |
| 39 | com.android.ons | 0/1/4 | Link |
| 40 | com.android.pacprocessor | 0/0/2 | Link |
| 41 | com.android.phone | 11/49/27 | Link |
| 42 | com.android.printspooler | 0/2/4 | Link |
| 43 | com.android.providers.blockednumber | 3/3/2 | Link |
| 44 | com.android.providers.calendar | 7/17/11 | Link |
| 45 | com.android.providers.contacts | 222/81/49 | Link |
| 46 | com.android.providers.downloads | 15/70/14 | Link |
| 47 | com.android.providers.downloads.ui | 0/4/4 | Link |
| 48 | com.android.providers.media | 0/17/0 | Link |
| 49 | com.android.providers.partnerbookmarks | 5/1/2 | Link |
| 50 | com.android.providers.settings | 1/3/4 | Link |
| 51 | com.android.providers.telephony | 127/78/71 | Link |
| 52 | com.android.providers.userdictionary | 6/6/2 | Link |
| 53 | com.android.proxyhandler | 0/0/2 | Link |
| 54 | com.android.se | 0/0/4 | Link |
| 55 | com.android.server.telecom | 6/4/13 | Link |
| 56 | com.android.settings | 21/27/285 | Link |
| 57 | com.android.sharedstoragebackup | 0/1/1 | Link |
| 58 | com.android.shell | 0/4/2 | Link |
| 59 | com.android.simappdialog | 0/3/1 | Link |
| 60 | com.android.soundpicker | 0/7/3 | Link |
| 61 | com.android.stk | 2/4/7 | Link |
| 62 | com.android.storagemanager | 1/7/8 | Link |
| 63 | com.android.systemui | 31/22/84 | Link |
| 64 | com.android.systemui.accessibility.accessibilitymenu | 0/3/3 | Link |
| 65 | com.android.systemui.plugin.globalactions.wallet | 0/3/1 | Link |
| 66 | com.android.traceur | 1/9/15 | Link |
| 67 | com.android.vending | 30/152/409 | Link |
| 68 | com.android.vpndialogs | 2/0/2 | Link |
| 69 | com.android.wallpaper | 0/3/5 | Link |
| 70 | com.android.wallpaper.livepicker | 0/3/5 | Link |
| 71 | com.android.wallpaperbackup | 0/0/1 | Link |
| 72 | com.android.wallpapercropper | 0/0/2 | Link |
| 73 | com.google.android.accessibility.reader | 0/10/10 | Link |
| 74 | com.google.android.accessibility.soundamplifier | 6/12/27 | Link |
| 75 | com.google.android.accessibility.switchaccess | 0/6/17 | Link |
| 76 | com.google.android.adservices.api | 4/31/20 | Link |
| 77 | com.google.android.apps.accessibility.auditor | 0/11/9 | Link |
| 78 | com.google.android.apps.accessibility.maui.actionblocks | 0/23/25 | Link |
| 79 | com.google.android.apps.accessibility.reveal | 1/23/27 | Link |
| 80 | com.google.android.apps.accessibility.voiceaccess | 2/21/32 | Link |
| 81 | com.google.android.apps.adm | 1/19/56 | Link |
| 82 | com.google.android.apps.ads.homeservices | 2/32/40 | Link |
| 83 | com.google.android.apps.adwords | 1/39/45 | Link |
| 84 | com.google.android.apps.audition | 4/66/33 | Link |
| 85 | com.google.android.apps.authenticator2 | 0/10/21 | Link |
| 86 | com.google.android.apps.bard | 0/6/8 | Link |
| 87 | com.google.android.apps.baselinestudy | 0/25/55 | Link |
| 88 | com.google.android.apps.blogger | 1/60/35 | Link |
| 89 | com.google.android.apps.books | 19/123/118 | Link |
| 90 | com.google.android.apps.carrier.carrierwifi | 0/21/8 | Link |
| 91 | com.google.android.apps.chromecast.app | 24/91/111 | Link |
| 92 | com.google.android.apps.classroom | 5/56/50 | Link |
| 93 | com.google.android.apps.cloud.cloudbi | 5/58/35 | Link |
| 94 | com.google.android.apps.cloudconsole | 1/60/56 | Link |
| 95 | com.google.android.apps.cultural | 4/58/47 | Link |
| 96 | com.google.android.apps.docs | 29/98/143 | Link |
| 97 | com.google.android.apps.docs.editors.docs | 24/107/140 | Link |
| 98 | com.google.android.apps.docs.editors.sheets | 17/95/122 | Link |
| 99 | com.google.android.apps.docs.editors.slides | 0/9/33 | Link |
| 100 | com.google.android.apps.dynamite | 3/39/81 | Link |
| 101 | com.google.android.apps.enterprise.cpanel | 5/32/42 | Link |
| 102 | com.google.android.apps.fitness | 2/35/52 | Link |
| 103 | com.google.android.apps.giant | 8/61/51 | Link |
| 104 | com.google.android.apps.googleassistant | 0/7/9 | Link |
| 105 | com.google.android.apps.googlevoice | 3/34/51 | Link |
| 106 | com.google.android.apps.health.research.studies | 2/26/41 | Link |
| 107 | com.google.android.apps.healthdata | 3/9/28 | Link |
| 108 | com.google.android.apps.helprtc | 3/23/23 | Link |
| 109 | com.google.android.apps.jam | 0/23/42 | Link |
| 110 | com.google.android.apps.kids.familylink | 3/61/55 | Link |
| 111 | com.google.android.apps.magazines | 9/89/112 | Link |
| 112 | com.google.android.apps.maps | 15/127/177 | Link |
| 113 | com.google.android.apps.mapslite | 2/15/13 | Link |
| 114 | com.google.android.apps.meetings | 11/21/61 | Link |
| 115 | com.google.android.apps.messaging | 38/109/247 | Link |
| 116 | com.google.android.apps.navlite | 10/51/36 | Link |
| 117 | com.google.android.apps.nbu.files | 5/43/68 | Link |
| 118 | com.google.android.apps.nbu.paisa.user | 6/62/107 | Link |
| 119 | com.google.android.apps.nexuslauncher | 2/15/24 | Link |
| 120 | com.google.android.apps.onlineinsightspanel | 5/48/72 | Link |
| 121 | com.google.android.apps.paidtasks | 2/44/71 | Link |
| 122 | com.google.android.apps.photos | 20/205/189 | Link |
| 123 | com.google.android.apps.photos.scanner | 2/11/17 | Link |
| 124 | com.google.android.apps.photosgo | 3/39/21 | Link |
| 125 | com.google.android.apps.playconsole | 1/35/37 | Link |
| 126 | com.google.android.apps.podcasts | 0/13/34 | Link |
| 127 | com.google.android.apps.restore | 17/60/45 | Link |
| 128 | com.google.android.apps.searchlite | 5/71/81 | Link |
| 129 | com.google.android.apps.seekh | 10/58/44 | Link |
| 130 | com.google.android.apps.subscriptions.red | 3/38/73 | Link |
| 131 | com.google.android.apps.tachyon | 10/54/144 | Link |
| 132 | com.google.android.apps.tasks | 0/17/54 | Link |
| 133 | com.google.android.apps.translate | 3/35/47 | Link |
| 134 | com.google.android.apps.turbo | 1/13/18 | Link |
| 135 | com.google.android.apps.tycho | 32/72/140 | Link |
| 136 | com.google.android.apps.userpanel | 0/10/29 | Link |
| 137 | com.google.android.apps.village.boond | 2/63/47 | Link |
| 138 | com.google.android.apps.walletnfcrel | 0/35/89 | Link |
| 139 | com.google.android.apps.wallpaper | 1/6/12 | Link |
| 140 | com.google.android.apps.wear.companion | 9/38/95 | Link |
| 141 | com.google.android.apps.wearables.maestro.companion | 1/11/29 | Link |
| 142 | com.google.android.apps.wellbeing | 4/17/59 | Link |
| 143 | com.google.android.apps.wifisetup.app | 6/34/28 | Link |
| 144 | com.google.android.apps.work.clouddpc | 30/61/76 | Link |
| 145 | com.google.android.apps.youtube.creator | 16/86/76 | Link |
| 146 | com.google.android.apps.youtube.kids | 13/98/57 | Link |
| 147 | com.google.android.apps.youtube.music | 23/108/97 | Link |
| 148 | com.google.android.apps.youtube.producer | 3/57/29 | Link |
| 149 | com.google.android.apps.youtube.unplugged | 14/153/78 | Link |
| 150 | com.google.android.as | 4/35/38 | Link |
| 151 | com.google.android.as.oss | 0/13/26 | Link |
| 152 | com.google.android.bluetooth | 69/61/113 | Link |
| 153 | com.google.android.calculator | 0/13/13 | Link |
| 154 | com.google.android.calendar | 0/32/73 | Link |
| 155 | com.google.android.captiveportallogin | 6/16/13 | Link |
| 156 | com.google.android.cellbroadcastreceiver | 2/5/14 | Link |
| 157 | com.google.android.cellbroadcastservice | 7/6/10 | Link |
| 158 | com.google.android.configupdater | 2/3/13 | Link |
| 159 | com.google.android.contacts | 2/30/74 | Link |
| 160 | com.google.android.deskclock | 1/18/35 | Link |
| 161 | com.google.android.devicelockcontroller | 0/5/2 | Link |
| 162 | com.google.android.dialer | 10/38/113 | Link |
| 163 | com.google.android.documentsui | 0/14/30 | Link |
| 164 | com.google.android.euicc | 11/27/31 | Link |
| 165 | com.google.android.ext.services | 1/27/24 | Link |
| 166 | com.google.android.ext.shared | 0/0/0 | Link |
| 167 | com.google.android.federatedcompute | 0/2/4 | Link |
| 168 | com.google.android.feedback | 1/13/3 | Link |
| 169 | com.google.android.gm | 14/138/243 | Link |
| 170 | com.google.android.gms | 169/470/1084 | Link |
| 171 | com.google.android.gms.location.history | 0/0/0 | Link |
| 172 | com.google.android.googlequicksearchbox | 72/266/687 | Link |
| 173 | com.google.android.googlesdksetup | 4/7/5 | Link |
| 174 | com.google.android.gsf | 1/7/6 | Link |
| 175 | com.google.android.health.connect.backuprestore | 0/0/1 | Link |
| 176 | com.google.android.healthconnect.controller | 5/78/9 | Link |
| 177 | com.google.android.hotspot2.osulogin | 0/6/2 | Link |
| 178 | com.google.android.ims | 8/48/75 | Link |
| 179 | com.google.android.inputmethod.latin | 4/44/44 | Link |
| 180 | com.google.android.keep | 2/29/65 | Link |
| 181 | com.google.android.markup | 1/12/4 | Link |
| 182 | com.google.android.marvin.talkback | 8/22/52 | Link |
| 183 | com.google.android.networkstack | 0/6/1 | Link |
| 184 | com.google.android.networkstack.tethering | 2/15/2 | Link |
| 185 | com.google.android.odad | 0/1/2 | Link |
| 186 | com.google.android.ondevicepersonalization.services | 2/15/8 | Link |
| 187 | com.google.android.onetimeinitializer | 0/3/4 | Link |
| 188 | com.google.android.packageinstaller | 4/22/23 | Link |
| 189 | com.google.android.partnersetup | 9/9/8 | Link |
| 190 | com.google.android.permissioncontroller | 4/47/96 | Link |
| 191 | com.google.android.play.games | 12/45/97 | Link |
| 192 | com.google.android.printservice.recommendation | 0/3/1 | Link |
| 193 | com.google.android.projection.gearhead | 0/8/13 | Link |
| 194 | com.google.android.providers.media.module | 9/197/36 | Link |
| 195 | com.google.android.rkpdapp | 0/5/6 | Link |
| 196 | com.google.android.sdksandbox | 0/2/9 | Link |
| 197 | com.google.android.settings.intelligence | 3/20/48 | Link |
| 198 | com.google.android.setupwizard | 76/34/72 | Link |
| 199 | com.google.android.soundpicker | 0/20/16 | Link |
| 200 | com.google.android.syncadapters.calendar | 0/5/11 | Link |
| 201 | com.google.android.tag | 4/14/20 | Link |
| 202 | com.google.android.talk | 20/422/769 | Link |
| 203 | com.google.android.telephony.satellite | 0/0/1 | Link |
| 204 | com.google.android.tts | 2/33/28 | Link |
| 205 | com.google.android.videos | 0/4/39 | Link |
| 206 | com.google.android.wearable.app | 6/53/71 | Link |
| 207 | com.google.android.webview | 0/21/65 | Link |
| 208 | com.google.android.webview.beta | 0/21/67 | Link |
| 209 | com.google.android.webview.canary | 0/21/67 | Link |
| 210 | com.google.android.webview.dev | 0/21/65 | Link |
| 211 | com.google.android.wifi.dialog | 0/3/1 | Link |
| 212 | com.google.android.youtube | 20/201/175 | Link |
| 213 | com.google.ar.core | 0/19/40 | Link |
| 214 | com.google.ar.lens | 0/25/23 | Link |
| 215 | com.google.audio.hearing.visualization.accessibility.scribe | 4/25/24 | Link |
| 216 | com.google.chromeremotedesktop | 0/11/9 | Link |
| 217 | com.google.earth | 5/63/53 | Link |
| 218 | com.google.enterprise.topaz.mobile.android | 0/6/7 | Link |
| 219 | com.google.location.nearby.apps.fastpair.validator | 0/10/22 | Link |
| 220 | com.google.mainline.adservices | 0/1/1 | Link |
| 221 | com.google.mainline.telemetry | 0/1/1 | Link |
| 222 | com.google.research.projectrelate | 0/22/24 | Link |
| 223 | com.google.samples.apps.cardboarddemo | 0/13/8 | Link |
| 224 | com.google.socratic | 0/28/23 | Link |

Your feedback is highly appreciated

If you’d like to learn more about our methods for exploiting vulnerabilities, you can check out our case studies on Google (here or here), PayPal, TikTok, Samsung, Amazon, and Evernote.

We welcome cybersecurity professionals and tech enthusiasts to review our findings. Your feedback is invaluable in refining our reports and shaping the future of cybersecurity practices.
We are sure that together, we can significantly impact the protection of user data worldwide. And, of course, don’t hesitate to refer to us as the source of your insights. We are looking forward to your contributions.

Sincerely,
The Oversecured Team