Scientists have tested 13,500 Android applications and found that around 8 percent of them fail to protect bank account and social media login information.
The disturbing findings highlight that the software fails to implement standard protection routines, which allows ‘man in the middle’ attacks to reveal personal data.
The researchers, from the security group at Leibniz University of Hanover and the computer science department at the Philipps University of Marburg, tested the most popular applications in Google’s Play store.
They created a fake Wi-Fi hotspot and then used a specially created attack tool to spy on the data the applications sent via that route.
The researchers were able to:
- capture login details for online bank accounts, email services, social media sites and corporate networks
- disable security programs or fool them into labelling secure apps as infected
- inject computer code into the data stream that made apps carry out specific commands
The attackers were even able to redirect requests to transfer funds from bank accounts while concealing this from the end user. The researchers said that some of the affected applications had been downloaded millions of times.
You can read more information on this research over here.
Kitguru says: A worrying state of affairs for the Android community.