Zimperium has revealed findings from its zLabs team showing that thousands of popular Android apps are still using an outdated mapping component that could put users and enterprises at risk.
The apps included top travel, airline and weather apps.
The investigation, titled ‘Follow the map to enterprise risk: What’s inside popular Android apps’, found that a legacy library known as libmapbox-gl.so, once part of Mapbox GL Native, remains embedded in thousands of active apps despite being deprecated in 2023.
Zimperium notes that the outdated library includes older code versions containing known security flaws and issues that could be exploited to compromise devices, steal data or disrupt app functionality.
Zimperium continues to work closely with Google through the App Defense Alliance (ADA) to strengthen app ecosystem security.
While there is currently no evidence of active exploitation, developers using the archived Mapbox GL Native SDK are strongly encouraged to migrate to Mapbox Maps SDK v10+ or MapLibre to maintain app security and integrity.
Nico Chiaraviglio, Chief Scientist at Zimperium, commented: “These vulnerabilities transform everyday apps into potential attack vectors.
“When trusted applications ship with outdated components, it creates blind spots that can expose both users and enterprises.
“Our mission is to help organizations gain visibility into these hidden risks so they can protect the mobile apps and devices that power their business,” he concluded.
According to Zimperium, the analysis revealed: