A collection of vulnerabilities known as ParseDroid put users of popular Android development tools at risk.
Research from Check Point has discovered several vulnerabilities in downloadable and cloud-based Android development tools which all Java/Android programmers use to build their companies' business applications. Even security analysts and reverse-engineers use some of the affected software to conduct their work.
The vulnerabilities were found to affect the most common Android IDEs including Google’s own Android Studio, JetBrains’ IntelliJ IDEA, and Eclipse. Popular reverse-engineering tools for Android that were affected include APKTool, the Cuckoo-Droid service, and others.
Check Point notes that WikiLeaks, as part of its ‘Vault 7’ release, leaked information on how the CIA and NSA exploited vulnerabilities in the likes of CCleaner, Notepad++, and more to spread malware and acquire information on companies and their users.
This video demonstrates how the vulnerabilities could be used to attack the Android developer community:
Since discovering the vulnerabilities, Check Point has informed the affected software makers of the problems. Google and JetBrains have verified and acknowledged the security issues and have since “effectively deployed a fix.”
The full technical analysis can be found here.