Even popular Android apps might leak personal data, study reveals
In particular, these apps were discovered to put the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, having already been downloaded between 39.5 million and 185 million times. The names of the applications were not disclosed.
"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.
But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.
Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days: on October 29, to be more specific, which is when a new Android release is probably going to be unveiled.
source: Ars Technica via Textually
9. Mxyzptlk posted on 22 Oct 2012, 08:45 2 4
I think Google needs to focus less on social experience and instead focus on securing their OS. This is a pretty serious thing since everyone uses their smartphones for a lot of things. That's a lot of data there a hacker can utilize and that's not a good thing.
18. shuaibhere posted on 22 Oct 2012, 12:16 0 0
Google knows better than you....
Android 4.2 is going to be more secure than iOS or anything else.....
21. gallitoking posted on 22 Oct 2012, 18:16 1 2
Too bad it won't be in all devices until 2015
22. Quezdagreat posted on 22 Oct 2012, 19:59 0 0
19. easymomo posted on 22 Oct 2012, 13:27 1 0
This news is about the weakness of some protocols used by some popular Android apps ==> They need to use more secure protocols or encryption algorithms.
In this case, the main problem is ... the developer, not Android or Google ... except for (Apple) fanboys
8. Mxyzptlk posted on 22 Oct 2012, 08:43 2 4
Android has a big security problem where users' private and sensitive data is at a huge risk.
14. JunitoNH posted on 22 Oct 2012, 09:35 0 0
There's an easy fix: don't use your Android device to conduct sensitive transactions. For example, I use Google Wallet, so I purchased a prepaid debit card and don't exceed $100, just in case something goes wrong. Furthermore, don't do any online banking, mortgage payments etc. with said device.
3. iliketech posted on 22 Oct 2012, 07:51 2 1
Wow, we should be concerned. What is Google doing about it? Certainly they should be doing something to make us feel safer using their operating system and phones with it on them... Surely they should be making a Bold statement or action to improve privacy, not piracy.
5. networkdood posted on 22 Oct 2012, 08:08 3 1
So, every study conducted on every subject is always correct? Yeah, do not react or overreact to any of this....
7. Droid_X_Doug posted on 22 Oct 2012, 08:37 1 1
Meh. Kind of like don't engage in risky behavior (hang out on unsecured hotspots) if you don't want the exposure. Of course, that increases carrier opportunity to bill you for data overages, but there are apps that monitor data use.
In any event, it will be interesting to see what Google announces on the 29th. Security improvements are always welcome. Hopefully any security improvements don't impose usability burdens.
15. phonegeek2 posted on 22 Oct 2012, 10:03 0 0
You make an excellent point. Whenever you connect up to a public insecure WiFi hotspot, there's always the potential risk. I always advocate for home secure wifi networks or yes, the secure usage from your carrier.
4. networkdood posted on 22 Oct 2012, 08:07 6 2
Just using ANY smartphone can be a security risk...there...end of story...
6. networkdood posted on 22 Oct 2012, 08:09 2 2
Reading P.A. articles has lowered the average reader's IQ by 10 points, says a study at Harvard conducted by Dr. Ezekiel Snodgrass....
11. Quezdagreat posted on 22 Oct 2012, 08:59 0 5
Google response: "you're downloading the apps wrong"
12. redsox420 posted on 22 Oct 2012, 09:12 0 0
And they won't even name the apps that cause the problems? WTF?
16. NexusKoolaid posted on 22 Oct 2012, 10:41 1 0
Probably to give the publishers time to patch the holes before they go public.
17. xtremesv posted on 22 Oct 2012, 11:11 0 0
I can also say that my extensive research showed that the top 50 apps in iOS have security problems but I won't reveal which. I suppose these kinds of companies sell that info.
Anyway, they don't give the accused one the opportunity to defend.
20. networkdood posted on 22 Oct 2012, 17:56 1 0
This is just an article to attract certain pro-Apple readers - like flies to ....well, you know....which pro-Apple readers I am referring to here - I have used Android since June 21, 2010 and never had an issue with getting hacked or someone using my info to buy something. Just surfing a website on your PC, especially with IE, can do this.
23. sgogeta4 posted on 23 Oct 2012, 12:58 0 0
The biggest security issue: the user. iOS has equal, if not more, non-tech savvy users, which makes it a much bigger security risk. There is a reason why the US military, governments, and other corporations are using their own version of Android. It's open source, so you can customize the level of security to be whatever you need it to be.