Jonathan Sander Strategy & Research Officer STEALTHbits Technologies

“PlayDrone is interesting on many levels. It’s academics using hacking for good and is completely embarrassing one of the world’s biggest tech giants in the process. Not to mention that they basically showed the ‘security by obscurity’ approach so many app developers were taking.

What PlayDrone has exposed is that many app developers left their secret keys on the equivalent of a post note stuck to the monitor because they thought their office door was locked. Using that key, an attacker can log into their system, steal data that’s there (including data about anyone who has downloaded that app), and even rig systems in that virtual store to do more harm or syphon off more data.

In the world of consumer mobile devices, security isn’t even in the back seat of the car user convenience is driving – it’s in the trunk. I’m sure stuffing those secret keys into the apps made things easier for the developers to get their apps out just a bit faster to gain an edge. Perhaps now we will all pay the price for getting a flappy bird clone out a few hours sooner than the next person – who probably made the same mistake, said Jonathan Sander, Strategy and Research Officer with STEALTHbits Technologies.

According to news reports, in order to get developer and user information, computer science professor Jason Neih and PhD candidate Nicolas Viennot created an Android Google Play crawler, PlayDrone, to scan more than a million free Android apps (of which they decompiled 880,000) without triggering Google's restrictions on indexing the store.