June 7, 2019
- We had identified 2,700+ android apps which were potentially vulnerable.
- We began in-depth analysis of these 2700+ apps, and classified 236 apps as “actually risky”.
June 8, 2019, 09:00
- We sent a notification to each developer of the vulnerable apps, and also notified that we would release the list of vulnerable apps through this site after 2 weeks.
June 18, 2019
- Through the in-depth analysis, 247 apps were classified as actually risky. (11 apps added to the list of previously classified actually risky apps.)
June 19, 2019, 10:00
- We reported the vulnerability details and the list of vulnerable Korean apps to KISA(Korea Internet & Security Agency), NSR(National Security Research Institute) and FSI(Financial Security Institute).
June 21, 2019, 03:37
- Among the developers we contacted, only 3 developers contacted us again, so we had to take another measures.
- We contacted to security team of cloud service provider(CSP) such as AWS, and asked them to help each app developer take an action.
June 21, 2019, 16:23
- We had the first response from the security team of CSP.
June 22, 2019, 10:56
- We sent to CSP a PoC document on the most popular app, and decided to delay publishing the list for 7 more days.
June 23 - 24, 2019 03:28
- We had the second response from the security team of CSP.
- They asked us the full list of vulnerable apps.
June 24 - 25, 2019 01:22
- As CSP’s request, we sent them the entire list of vulnerable apps, which were classfied as actually risky by soFrida.
June 25, 2019
- Through the in-depth analysis, 253 apps were classified as actually risky. (6 apps added to the list of previously classified actually risky apps.)
June 27, 2019 18:42
- CSP asked us to hold publishing the list of vulernable apps.
- As their request, we finally decided to delay publishing the list until they took enough action.
June 28, 2019
- Our automated mobile cloud app analysis tool, “soFrida”, was accepted to DEFCON Demo Labs 2019!