AirDroid Says It Fixed a Huge Security Flaw

The developers behind AirDroid say they've fixed the security flaw in the popular remote PC app that left Android devices vulnerable to hacks.

AirDroid chief marketing officer Betty Chen said today (Dec. 9) that the company has completed its rollout of AirDroid 4.0.0.3 on mobile and 3.3.5.3 on the desktop, patching a security flaw that could have allowed hackers to target unsuspecting victims. 

"In this update, we have improved our encryption mechanism as planned and fixed the issue regarding the recent concern over AirDroid’s security," Chen said in a statement.

The AirDroid update is available now to all users in the Google Play marketplace.

AirDroid, which has notched between 10 million and 50 million downloads on Google Play, came under fire last week after security firm Zimperium reported on a security flaw it had discovered earlier this year that would have allowed hackers to overcome the app's encryption, giving them access to sensitive information. After targeting a user, hackers could remotely execute code on the device.

None of the best Android antivirus apps would have helped you with that. Neither would the best antivirus software or the best Mac antivirus software.

At the center of the problem was the app's use of a static encryption key to safeguard important data. What's worse, the encryption key could be easily discovered in the app's code by anyone with even a little know-how, allowing hackers to circumvent the security measures and target unsuspecting victims with a man-in-the-middle attack.
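A pre-release source check for the class of flaw described above, a key stored as a literal in the app's code, is shown here as an added example; it is not code from AirDroid, Sand Studio or Zimperium. The Java snippet it scans is constructed for illustration, and the two regular expressions are heuristic assumptions rather than a complete rule set.

```python
import re

# Constructed Java source standing in for an app's code (not AirDroid's).
SAMPLE_JAVA = '''\
package com.example.sync;
import javax.crypto.spec.SecretKeySpec;
public class Channel {
    private static final String ENC_KEY = "constructed-demo-key";
    private static final String TAG = "Channel";
    SecretKeySpec fixedSpec() {
        return new SecretKeySpec("another-demo-key".getBytes(), "AES");
    }
    SecretKeySpec sessionSpec(byte[] negotiated) {
        return new SecretKeySpec(negotiated, "AES");
    }
}
'''

# Rule 1: a constant whose name suggests key material, set from a string literal.
NAMED_LITERAL = re.compile(
    r'\b(?:static\s+)?final\s+(?:String|byte\[\])\s+'
    r'(\w*(?:KEY|SECRET|PASSWORD)\w*)\s*=\s*"([^"]+)"',
    re.IGNORECASE)
# Rule 2: a string literal passed directly as the key bytes of a SecretKeySpec.
INLINE_LITERAL = re.compile(r'new\s+SecretKeySpec\(\s*"([^"]+)"')


def find_static_keys(source):
    """Return (line_number, rule, detail) for each hardcoded-key finding."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = NAMED_LITERAL.search(line)
        if match:
            # Report the constant's name, never the literal value itself.
            findings.append((lineno, "named-constant", match.group(1)))
        if INLINE_LITERAL.search(line):
            findings.append((lineno, "inline-literal", "SecretKeySpec"))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in find_static_keys(SAMPLE_JAVA):
        print(f"line {lineno}: {rule} ({detail})")
```

The key built from a runtime value in `sessionSpec` is not flagged, which is the distinction the check is meant to draw: a key that ships inside every copy of the app protects nothing once the app is inspected.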

AirDroid is developed by Chinese company Sand Studio and is available in more than 30 countries. It lets users access and control their Android devices from the Web or on a PC or Mac. It also has a backup and syncing service on potentially private data like photos and videos.

Given the app's popularity, AirDroid came under intense scrutiny over the security flaw. Complaints grew even louder after Zimperium reported that it had told AirDroid's creators about the flaw all the way back in May. In subsequent updates released in November, the flaw still wasn't fixed, prompting Zimperium to speak out.

In a blog post last week, Sand Studio blamed the seemingly slow response on coding complexities. It added in its statement that it would work "tirelessly" to fix the problem. To safeguard themselves, users were encouraged to employ HTTPS and seek out additional encryption while using AirDroid. But now Sand Studio says the problem is fixed. And in addition to the security patch, the company said it has added further security features to bolster its app.

"Along with other security improvements, we have upgraded the communication channels to HTTPS and improved the encryption method," the company said. "Because of AirDroid’s cross-platform nature, it took us some time to design a customized solution and level up our security in all aspects. We introduced the restructuring coding system into AirDroid 4.0 and AirDroid 4.0.0.1 to make sure the compatibility works fine across platforms late in November. After a careful assessment, we started to roll out this update partially earlier this month across clients to make sure a smooth communication is performed well."

Looking ahead, Sand Studio says it will work to improve security against any "future possible threats."

Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.