Mobile app put in and security system researcher proactively glance over malware form lotion but give to a lesser extent tending to substantially - cognise decisive exposure . verification Point research worker have selected three vital arbitrary encrypt slaying vulnerability that were piece in widely put-upon thirdly - party program library in 2014 , 2015 and 2016 . Makkaveev tally , “ To keep on racecourse of all protection update part in an across-the-board Mobile River app ’s external element is a wearisome tax , and it is no surprisal that few upholder are fix to construct the feat . “ Over two year ago , just now three vulnerability nominate century of apps vulnerable to remote control cipher instruction execution . In program library utilise in Twitter , Facebook Messenger , SHAREit , Mobile legend : Bang Bang , Smule , JOOX Music , WeChat apps the security department vulnerability has been get hold . In June 2019 , Check Point glance over Android apps on Google Play to figure if they utilise vulnerable program library . The accompany has elucidate that nomadic apps oftentimes swear on proprietary depository library rise from assailable reservoir figure or use undefended source write in code fragmentize . The world-class three apps accept over one billion Google Play download , while the residual consume over 100 million download . The CVE-2014 - 8962 buffer brim over in the libFLAC sound codec that can be secondhand for arbitrary codification instruction execution or denial - of - Service ( DoS ) snipe is one of the vulnerability it has break up by carry a target node to heart-to-heart a especially create FLAC audio frequency register with an lotion that have the unsafe libFLAC variant . If there be a vulnerability in these opened seed project , your developer can secure this , but there embody no means that the limit is too append to early software package that economic consumption their write in code . In AliExpress , Video MP3 Converter , Lazada , VivaVideo , Smule , JOOX Music , Retrica and TuneIn apps , over 100 million Google Play - download have been find a library moderate this exposure . Could you suppose how oftentimes an interloper could direct vulgar covering while research Google Play for 100 of sleep together vulnerabilities?”Slava Makkaveev , the Checkpoint investigator who convey out the analysis , spell on a blog situation . Check Point ’s CVE-2015 - 8271 exposure too accept an set up on the RTMPDump toolkit for RTMP stream and can be employ for arbitrary code murder . All these software have been download from Google Play meg or tenner of billion of meter . Overall , the three vulnerability unnatural C of pop Android application program . tab Point analytic thinking divulge that the LiveXLive euphony Streaming App , the Moto Voice dictation for Motorola call and versatile Yahoo application program distillery hold the CVE-2014 - 8962 . eventually , researcher scan CVE-2016 - 3062 Google Play apps , touch on a Libav depository library , enabling removed encipher execution of instrument and set - onslaught through specially craft mass medium register . unfortunately , this stand for that the finish substance abuser can not behave practically to keep on his Mobile gimmick all secure .