
The stolen records of 20 million users of a popular Android app store have been published online by a hacker who claims to have 19 million more.

Not all app stores are the same. Android users have access to the official Google Play Store, complete with nearly three million (2,870,985) apps available for download. Then there are the manufacturer app stores, of which the best known are probably the Samsung Galaxy Store and the Huawei AppGallery. Finally, we arrive at the third-party app stores, the ones not pre-installed by the smartphone vendor nor operated by Google. Among the biggest of these, with a claimed global userbase of 150 million and a million apps, is Aptoide.

It is Aptoide that would appear to have been breached by a hacker who claims to have stolen 39 million customer records and has published details of 20 million of them, including login emails and hashed passwords, on a popular hacker forum.

Aptoide was founded in 2011 and has quickly grown thanks to using a decentralized app store model where every user can have their own individually managed app store. The Aptoide app itself is open source and generally well-received, acting as an app discovery platform. It is also thriving, as far as third-party app stores go: one million apps and seven billion downloads are claimed by Aptoide.

Cybersecurity folk, myself included, often warn against the use of third-party app stores because of the potential for malware distribution. Aptoide, though, has always been keen to emphasize how safe it is. The app description states that "all the apps are checked for viruses, and we perform extra security tests to ensure your Android device is always safe." The Aptoide home page claims that "recent studies prove that Aptoide is the safest Android app store," although I was unable to find any link to those studies.
In the research and development section, however, there was mention of the AppSentinel anti-malware system project and a reputation systems knowledgebase called TrustChain.

On April 19, the Have I Been Pwned (HIBP) database added an entry for Aptoide. This stated that the app store had suffered a data breach and that 20 million customer records had subsequently been shared online in a popular hacker forum. HIBP states the breach date as being April 13 and gives the precise number of compromised accounts as 20,012,235.

If you want to know more, stop by our forum, and we will share the rest with you.

 
