AirDroid Says It Fixed a Huge Security Flaw

The developers behind AirDroid say they've fixed the security flaw in the popular remote PC app that left Android devices vulnerable to hacks.

AirDroid chief marketing officer Betty Chen said today (Dec. 9) that the company has completed its rollout of AirDroid 4.0.0.3 on mobile and 3.3.5.3 on the desktop, patching a security flaw that could have allowed hackers to target unsuspecting victims. 

"In this update, we have improved our encryption mechanism as planned and fixed the issue regarding the recent concern over AirDroid’s security," Chen said in a statement.

The AirDroid update is available now to all users in the Google Play marketplace.

AirDroid, which has notched between 10 million and 50 million downloads on Google Play, came under fire last week after security firm Zimperium reported on a security flaw it had discovered earlier this year that would have allowed hackers to overcome the app's encryption, giving them access to sensitive information. After targeting a user, hackers could remotely execute code on the device.

None of the best Android antivirus apps would have helped you with that. Neither would the best antivirus software or the best Mac antivirus software.

At the center of the problem was the app's use of a static encryption key to safeguard important data. What's worse, the encryption key could be easily discovered in the app's code by anyone with even a little know-how, allowing hackers to circumvent the security measures and target unsuspecting victims with a man-in-the-middle attack.

AirDroid is developed by Chinese company Sand Studio and is available in more than 30 countries. It lets users access and control their Android devices from the Web or on a PC or Mac. It also has a backup and syncing service on potentially private data like photos and videos.

Given the app's popularity, AirDroid came under intense scrutiny over the security flaw. Complaints grew even louder after Zimperium reported that it had told AirDroid's creators about the flaw all the way back in May. In subsequent updates released in November, the flaw still wasn't fixed, prompting Zimperium to speak out.

In a blog post last week, Sand Studio blamed the seemingly slow response on coding complexities. It added in its statement that it would work "tirelessly" to fix the problem. To safeguard themselves, users were encouraged to use HTTPS and seek out additional encryption while using AirDroid. But now Sand Studio says the problem is fixed. Beyond the security patch, the company said it has added other security features to bolster its app.

"Along with other security improvements, we have upgraded the communication channels to HTTPS and improved the encryption method," the company said. "Because of AirDroid’s cross-platform nature, it took us some time to design a customized solution and level up our security in all aspects. We introduced the restructuring coding system into AirDroid 4.0 and AirDroid 4.0.0.1 to make sure the compatibility works fine across platforms late in November. After a careful assessment, we started to roll out this update partially earlier this month across clients to make sure a smooth communication is performed well."

Looking ahead, Sand Studio says it will work to improve security against any "future possible threats."

Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.
