Zimperium, a specialist in mobile security, has identified that a significant number of Android applications, including leading travel, airline, and weather apps, continue to use an obsolete mapping component that may compromise user and enterprise security.
Their zLabs team uncovered that the deprecated library, known as libmapbox-gl.so, which was part of the former Mapbox GL Native, is still present in numerous apps despite being officially discontinued in 2023.
Legacy library's security vulnerabilities
The outdated library harbours older code versions with recognised security vulnerabilities that could potentially be exploited to infiltrate devices, steal sensitive data, or disrupt application functionality.
Although no active exploitation has been reported, Zimperium underscores the importance of addressing these issues to safeguard app security.
Collaborative efforts for enhanced security
Zimperium is actively collaborating with Google within the App Defence Alliance (ADA) to bolster the security of the app ecosystem.
Developers are urged to transition from the archived Mapbox GL Native SDK to the updated Mapbox Maps SDK v10+ or MapLibre to ensure ongoing security and integrity of their applications.
Nico Chiaraviglio, Chief Scientist at Zimperium, highlighted the risk posed by these vulnerabilities, stating, "These vulnerabilities transform everyday apps into potential attack vectors. When trusted applications ship with outdated components, it creates blind spots that can expose both users and enterprises."
Implications for enterprise devices
The analysis by Zimperium reveals that thousands of Android applications still incorporate the vulnerable library, with 40% of the affected apps ranking among the top 20 in their Play Store categories. This issue is particularly concerning for enterprises, as many of these apps are installed on employee devices, posing significant risks in Bring Your Own Device (BYOD) environments.
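For an enterprise that wants to know which of its own packaged apps carry the archived component, the following is an added example (not Zimperium's tooling and not Mapbox or Google code): an APK is a zip archive whose native libraries sit under lib/<abi>/, so listing the entries and matching the file name libmapbox-gl.so from the article is enough for a first-pass inventory. The sample APK contents are constructed in memory for the demonstration; the function and file names are this example's own.

```python
"""Inventory check: flag APKs that bundle the deprecated libmapbox-gl.so.

Added example, not Zimperium's tooling. An APK is a zip archive; native
libraries live under lib/<abi>/. We list the entries and report any APK
that carries the library name named in the article.
"""
import io
import re
import zipfile
from pathlib import Path

# Library name reported in the article (Mapbox GL Native, archived in 2023).
DEPRECATED_LIB = "libmapbox-gl.so"

# lib/<abi>/<name>.so, e.g. lib/arm64-v8a/libmapbox-gl.so
_NATIVE_LIB_RE = re.compile(r"^lib/(?P<abi>[^/]+)/(?P<name>[^/]+\.so)$")


def native_libs(apk_bytes: bytes) -> list[tuple[str, str]]:
    """Return (abi, filename) for every native library entry in an APK."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            match = _NATIVE_LIB_RE.match(info.filename)
            if match:
                found.append((match.group("abi"), match.group("name")))
    return found


def ships_deprecated_mapbox(apk_bytes: bytes) -> list[str]:
    """ABIs under which the APK bundles libmapbox-gl.so (empty list if none)."""
    return sorted(abi for abi, name in native_libs(apk_bytes) if name == DEPRECATED_LIB)


def scan_directory(apk_dir: str) -> dict[str, list[str]]:
    """Scan every *.apk in a directory; value is the list of affected ABIs."""
    return {
        path.name: ships_deprecated_mapbox(path.read_bytes())
        for path in sorted(Path(apk_dir).glob("*.apk"))
    }


def build_sample_apk(native_entries: list[tuple[str, str]]) -> bytes:
    """Construct a minimal zip that mimics an APK's layout (constructed test data,
    not a real app): a placeholder manifest, a placeholder dex, and the given
    native library entries with a fake ELF header as content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        for abi, name in native_entries:
            zf.writestr(f"lib/{abi}/{name}", b"\x7fELF")
    return buf.getvalue()


# Constructed samples: one app still shipping the archived library for two
# ABIs, one app that only ships an unrelated native library.
SAMPLE_LEGACY_APK = build_sample_apk([
    ("arm64-v8a", "libmapbox-gl.so"),
    ("armeabi-v7a", "libmapbox-gl.so"),
    ("arm64-v8a", "libc++_shared.so"),
])
SAMPLE_CLEAN_APK = build_sample_apk([
    ("arm64-v8a", "libc++_shared.so"),
])

if __name__ == "__main__":
    for label, apk in (("legacy", SAMPLE_LEGACY_APK), ("clean", SAMPLE_CLEAN_APK)):
        abis = ships_deprecated_mapbox(apk)
        status = f"ships {DEPRECATED_LIB} for {', '.join(abis)}" if abis else "no match"
        print(f"{label}: {status}")
```

Two caveats for anyone running this against a real fleet: the check matches on file name only, so a rebuilt or renamed copy of the library is not caught, and apps delivered as split APKs (App Bundles) keep native code in a separate ABI split, so each split must be scanned, not just the base APK. A positive hit tells you the archived component is present; the article's recommendation to move to Mapbox Maps SDK v10+ or MapLibre is what removes it.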
Zimperium's initiative aims to enhance awareness and provide organisations with the insights needed to protect the mobile apps and devices crucial to their operations.