Accidental Discovery Of A Bug In The AppLock Application (CVE-2022-46638)
Its about vulnerability of AppLock (Ver.5.6.2), a popular android app trusted by more than 100 million users in over 150 countries.
What is AppLock ?
AppLock is a lightweight Android app that enables users to apply a lock on almost any type of file or app on their devices, preventing access to your locked apps and private data without a password.
The most basic functionality of the security feature is to lock your Android apps so that nobody can access or uninstall them.
Here are some features of AppLock:
- AppLock can lock Facebook, WhatsApp, Gallery, Messenger, Snapchat, Instagram, SMS, Contacts, Gmail, Settings, incoming calls and any app you choose. Prevent unauthorized access and guard privacy. Ensure security;
- AppLock can lock pictures and videos. Hidden pictures and videos are vanished from Gallery and only visible in the photo and video vault. Protect private memories easily;
- AppLock has random keyboard and invisible pattern lock.
In short, AppLock is an applocker that acts as advanced protection for your device, by securing many features that come with an android phone.
Bug In AppLock (Ver.5.6.2)
You have to think again about using the AppLock application as your privacy guard on your mobile phone, Why ?
I’ve found a bug in the app that breaks the "protect your privacy" tagline, Previously I had tried to contact the application developer and notify the bug on December 1, 2022 via email and fb inbox, but up to the time of writing this there was no confirmation at all, so I decided to publish it out of concern for the security of more than hundreds of millions of users
The PoC
Unlock the application protected by AppLock just by tap the back button multiple times
- Open the application was locked by AppLock
- Dont input any pin/password
- Tap/click back button, see the ads and then close the ads
- Repeat the step 1-3 multiple times
- Boom! ☺ the application protected by AppLock opened
as simple as that, what a simple bug but hit the core of security feature of AppLock, a bug that never thought would exist in a popular application that has more than hundreds of millions of downloads
Evidence
