Zimperium, a pioneer in mobile security innovation, has unveiled research findings that highlight significant security vulnerabilities in numerous popular Android applications. The company's zLabs team discovered that many apps, including widely used travel, airline, and weather applications, are still utilizing an outdated mapping component, potentially endangering both users and corporate data.
The investigation, titled "Follow the Map to Enterprise Risk: What's Inside Popular Android Apps," determined that the obsolete library, libmapbox-gl.so, once integral to Mapbox GL Native, is still embedded in thousands of active apps even though the SDK was deprecated in 2023.
The outdated library harbors older versions of code with known security weaknesses that could be exploited to compromise devices, steal information, or disrupt app performance.
Enhancing App Ecosystem Security
Zimperium is collaborating with Google under the App Defense Alliance (ADA) initiative to enhance mobile app security.
Although there hasn't been any documented instance of active exploitation, it's strongly advised that developers still relying on the obsolete Mapbox GL Native SDK transition to Mapbox Maps SDK v10+ or MapLibre to ensure ongoing security and app integrity.
According to Nico Chiaraviglio, Chief Scientist at Zimperium, "These vulnerabilities transform everyday apps into potential attack vectors. When trusted applications ship with outdated components, it creates blind spots that can expose both users and enterprises. Our mission is to help organizations gain visibility into these hidden risks — so they can protect the mobile apps and devices that power their business."
Analysis Highlights Security Risks
The analysis by Zimperium disclosed several critical findings: thousands of Android apps still contain the vulnerable library; 40% of the affected apps are ranked among the top 20 in their Play Store categories; and many are installed on devices used by employees, presenting substantial risk to Bring Your Own Device (BYOD) programs and to overall enterprise security exposure.
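A quick inventory check for the issue described above, added here as an example and not Zimperium's own tooling: it treats an APK as the zip archive it is and flags the deprecated libmapbox-gl.so wherever it appears under lib/<abi>/. The sample APK is constructed inline; matching on the file name is an assumption, so a renamed or statically linked copy of the library would not be caught.

```python
"""Audit Android APKs for the deprecated Mapbox GL Native library (libmapbox-gl.so)."""
import io
import re
import sys
import zipfile
from typing import Dict, List

# Library name as reported in the research; remediation text per its advice.
DEPRECATED_NATIVE_LIBS = {
    "libmapbox-gl.so": "Mapbox GL Native (deprecated 2023): migrate to Mapbox Maps SDK v10+ or MapLibre",
}
# Standard APK layout for native code: lib/<abi>/<name>.so
NATIVE_LIB_RE = re.compile(r"^lib/(?P<abi>[^/]+)/(?P<name>lib[^/]+\.so)$")


def find_deprecated_libs(apk_bytes: bytes) -> Dict[str, List[str]]:
    """Return {library name: sorted list of ABIs} for each deprecated native lib in the APK."""
    hits: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for entry in apk.namelist():
            m = NATIVE_LIB_RE.match(entry)
            if m and m.group("name") in DEPRECATED_NATIVE_LIBS:
                hits.setdefault(m.group("name"), []).append(m.group("abi"))
    return {name: sorted(abis) for name, abis in hits.items()}


def report(apk_label: str, hits: Dict[str, List[str]]) -> List[str]:
    """Render one finding line per deprecated library, or a clean line if none."""
    if not hits:
        return [f"{apk_label}: no deprecated native libraries found"]
    return [f"{apk_label}: {name} [{', '.join(abis)}] -> {DEPRECATED_NATIVE_LIBS[name]}"
            for name, abis in hits.items()]


def build_sample_apk(lib_names: List[str]) -> bytes:
    """Constructed stand-in for a real APK: a zip with a manifest, a dex and native libs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        for abi in ("arm64-v8a", "armeabi-v7a"):
            for name in lib_names:
                z.writestr(f"lib/{abi}/{name}", b"\x7fELF")  # ELF magic only
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) == 1:  # no paths given: run against the constructed sample
        sample = build_sample_apk(["libmapbox-gl.so", "libc++_shared.so"])
        print("\n".join(report("sample.apk", find_deprecated_libs(sample))))
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print("\n".join(report(path, find_deprecated_libs(f.read()))))
```

Run it with one or more APK paths to audit real builds; with no arguments it scans the constructed sample.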