The Hacker News Logo
Subscribe to Newsletter

Using AppLock for Android to Hide Apps and Photos? — It's Useless

Unlock AppLock for Android to Hide Apps and Photos
Widely popular AppLock for Android by DoMobile Ltd. is claimed to be vulnerable to hackers.

Having an applock for iPhone or Android device is useful. It is suitable for security and keeping people out of your business.

But when it comes to how to password protect apps on Android? How to put passwords on apps? — the one app that comes to mind is AppLock.

What is AppLock?


AppLock is a lightweight Android app that enables users to apply a lock on almost any type of file or app on their devices, preventing access to your locked apps and private data without a password.

The most basic functionality of the security feature is to lock your Android apps so that nobody can access or uninstall them, but applock can hide pictures and videos, and even contacts and individual messages.

For example, if you have an app lock on WhatsApp, one of your friends borrow your phone to play games cannot get into your WhatsApp app without a password you have set for the locked app.

App Lock sits above your other Android apps and works straightforwardly. You can download app lock in play store for free. Although you can use applock for free, the Pro version of the app will cost you a few dollars.

Hide Photos, Files, and Apps On Android


App Lock works a lot like a lock screen on your Android phone. People cannot access your phone without its password. An app lock does precisely that, except for individual apps.

With AppLock, you can create a specific PIN (or an app-specific PIN) that can then be used to lock down whatever applications you wish to secure. It's incredibly simple to use.

Here are some features of AppLock:
  • Lock any app using either a PIN number form or a pattern lock
  • A Photo Vault to hide pictures, so that hidden pictures cannot be accessed by anyone except you
  • A Video Vault to hide videos
  • Create different user profiles
  • Easy to change the locks
  • Preventing AppLock uninstallation
  • Auto restart (to avoid app lock from being killed by task killers)
  • Lock Android installer
  • Lock incoming calls or outgoing calls
  • Lock access to phone
  • Multi-lock feature (Pro version only): Add different locks to different apps
  • Auto-lock base on Time or Wi-Fi (Pro version just)
  • Disguise feature (Pro version just)
  • In short, AppLock is an applocker that acts as advanced protection for your device, by securing many features that come with an android phone.
But, does this really protects you?

Let’s have a look…

Security researchers at Beyond Security’s 'SecuriTeam Secure Disclosure' (SSD) have reported three critical flaws to reside in the AppLock App.

They say the app that promises to hide and secure your data lacks when:
  • You hide your photos and videos in Vault
  • You apply PIN Protection to the AppLock App
  • You enable to reset the PIN

How Lock Unlock AppLock Key On Android?


The First vulnerability exploits the vault services with which the "AppLock empowers you to control photo and video access."

The researchers say, when you put something in the vault, the files did not get encrypted; instead they are hidden in the file system of the device and not the one assigned to the app.

With this activity, anyone can access those files, and an intruder can accomplish this task by installing a file manager on the device with simultaneously replacing some files in the directory and getting the data from the SQLite database.

The Second vulnerability allows an attacker to break the PIN attached to an app by brute force. The researchers claim that the SALT that used to attach with the password/PIN was a fixed SALT that is "domobile."

For this, the device is required to be rooted. Also, an attacker can remove and change the lock applied to an app.

The Third vulnerability allows the attackers to reset the PIN code and gain complete access to the targeted application without getting any special permissions.

Here, the researchers say that an attacker can exploit the user’s privacy by resetting the password by:
  • If the user has not provided any E-mail address- an attacker can add his own and get the reset code.
  • If the user has provided an E-mail address- an attacker can intercept the traffic using Wireshark and get the MD5 hash.
SecuriTeam tried to contact the vendor, but they did not respond. Also, they say their agenda is to protect the user’s privacy by notifying them about a "false sense of security."

AppLock is installed in over 50 countries with over 100 Million users, supporting 24 languages. Besides AppLock, DoMobile develops various apps supporting on Android and iOS operating system devices.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.