Researchers have uncovered 41 popular Android apps that leak sensitive user information, ranging from credit card information to social network and e-mail passwords, new research suggests.
Researchers from the Leibniz University of Hannover and the Philipps University of Marburg (both in Germany) have released their findings on some of the most popular Android apps, which are among the most downloaded apps in the Play Store and are subject to major encryption issues.
(Note: The study was only conducted among Android apps, but app security issues are likely to pop up on other platforms, as well.)
The team used a Samsung Galaxy Nexus smartphone running Android Ice Cream Sandwich (v4.0) for the research and downloaded the 13,500 most popular free apps from the Android Play Store. The team found that 1,074 of those apps (around 8%) contain code that potentially leaves highly sensitive information vulnerable. The team said that this code could be exploited in man-in-the-middle attacks, which allow a computer hacker or cyber criminal to intercept information that is assumed to be private and secure.
The team shortlisted 100 of the most vulnerable apps, attacked them, and succeeded against 41 of them.
The researchers said that “Of the 100 apps selected for manual audit, 41 apps proved to have exploitable vulnerabilities. We could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted.”
After obtaining all this information from the apps, the researchers said that they were “able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.”
The researchers did not name the apps they tested, but they did provide some details: they attacked a very popular cross-platform messaging app, which has a user base of between 10 and 50 million users, and succeeded in retrieving contact details from the user's phone book.
They also said that a very popular app for a Web 2.0 site, with an install base of 500,000 to 1 million users, is also very vulnerable and that they attacked it easily.
The researchers said that “When using a Facebook or Google account for login, the app initiates OAuth login sequences and leaks Facebook or Google login credentials.”
Google, however, declined to comment on the study led by the team.
Are you still satisfied with your Android apps? Do you believe in the study? Tell us in the comments below.