Summary is AI-generated, newsdesk-reviewed
  • Zimperium uncovers security risks in thousands of Android apps using outdated mapping library.
  • 40% of the apps with vulnerabilities rank in the top 20 of their Play Store categories.
  • BYOD policies are at risk because vulnerable apps are installed on employee devices.

Zimperium, a pioneer in mobile security innovation, has unveiled research findings that highlight significant security vulnerabilities in numerous popular Android applications. The company's zLabs team discovered that many apps, including widely used travel, airline, and weather applications, are still utilizing an outdated mapping component, potentially endangering both users and corporate data.

The investigation, called "Follow the Map to Enterprise Risk: What’s Inside Popular Android Apps," determined that the obsolete library, libmapbox-gl.so, once integral to Mapbox GL Native, is still embedded in thousands of active apps even after being deprecated in 2023.

The outdated library harbors older versions of code with known security weaknesses that could be exploited to compromise devices, steal information, or disrupt app performance.

Enhancing App Ecosystem Security

Zimperium is collaborating with Google under the App Defense Alliance (ADA) initiative to enhance mobile app security.

Although there hasn't been any documented instance of active exploitation, it's strongly advised that developers still relying on the obsolete Mapbox GL Native SDK transition to Mapbox Maps SDK v10+ or MapLibre to ensure ongoing security and app integrity.

According to Nico Chiaraviglio, Chief Scientist at Zimperium, "These vulnerabilities transform everyday apps into potential attack vectors. When trusted applications ship with outdated components, it creates blind spots that can expose both users and enterprises. Our mission is to help organizations gain visibility into these hidden risks — so they can protect the mobile apps and devices that power their business."

Analysis Highlights Security Risks

The analysis by Zimperium disclosed several critical findings: thousands of Android apps still contain the vulnerable library, 40% of the affected apps are ranked among the top 20 in their categories on the Play Store, and many are installed on devices used by employees, presenting substantial risks to Bring Your Own Device (BYOD) policies and overall enterprise security exposure.
