Even popular Android apps might leak personal data, study reveals
posted by Nick T. / Oct 22, 2012, 7:32 AM
In particular, these apps were discovered to expose the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, being downloaded between 39.5 million and 185 million times already. The names of the applications were not disclosed.
"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.
But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.
Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days – On October 29, to be more specific, which is when a new Android release is probably going to be unveiled.
source: Ars Technica via Textually
Posts: 430; Member since: Apr 06, 2012
DAM DUM DUMMMMMN!
posted on Oct 22, 2012, 7:40 AM 3
I think Google needs to focus less on social experience and instead focus on securing their os. This is a pretty serious thing since everyone use their smartphones for a lot of things. That's a lot of data there a hacker can utilize and that's not a good thing.
posted on Oct 22, 2012, 8:45 AM 2
Posts: 91; Member since: Jul 04, 2012
This news is about the wickness of some protocols used by some popular Android Apps ==> They need to used more secure protocols or encryption algorythms. In this case, the main problem is ... the developper, not Android or Google ... exept for (apple) fanboys
posted on Oct 22, 2012, 1:27 PM 1
Posts: 621; Member since: May 07, 2012
so what are you trying to say PA
posted on Oct 22, 2012, 7:45 AM 0
Android has a big security problem where users private and sensitive data is at a huge risk.
posted on Oct 22, 2012, 8:43 AM 2
Posts: 1946; Member since: Feb 15, 2012
There's an easy fix, Don't use your Android device to conduct sensitive transactions. For example, I use Google wallet, so I purchased a prepaid debit card and don't exceed $100, just in case something goes wrong. Furthermore, Don't do any online banking, mortgage payments etc. with say, device.
posted on Oct 22, 2012, 9:35 AM 0
Posts: 78; Member since: Aug 17, 2011
Wow, we should be concerned. What is Google doing about it? Certainly they should be something to make us feel safer using their operating system and phones with it on them... Surely they should be making a Bold statement or action to improve privacy. not piracy.
posted on Oct 22, 2012, 7:51 AM 2
Posts: 6330; Member since: Mar 31, 2010
So, every study conducted on every subject is always correct? Yeah, do not react or overreact to any of this....
posted on Oct 22, 2012, 8:08 AM 3
Posts: 5993; Member since: Dec 22, 2010
Meh. Kind of like don't engage in risky behavior (hang out on unsecured hotspots) if you don't want the exposure. Of course, that increases carrier opportunity to bill you for data overages, but there are apps that monitor data use. In any event, it will be interesting to see what Google announces on the 29th. Security improvements are always welcome. Hopefully any security improvements don't impose usability burdens.
posted on Oct 22, 2012, 8:37 AM 1
Posts: 12; Member since: Oct 22, 2012
You make an excellent point. Whenever you connect up to a public insecure WiFi hotspot, there's always the potential risk. I always advocate for home secure wifi networks or yes, the secure usage from your carrier.
posted on Oct 22, 2012, 10:03 AM 0
Posts: 90; Member since: Aug 27, 2012
And they won't even name the apps that cause the problems? WTF?
posted on Oct 22, 2012, 9:12 AM 0
Posts: 299; Member since: Oct 21, 2011
I can also say that my extensive research showed that the top 50 apps in iOS have securities problems but I won't reveal which. I suppose this kind of companies sell that info. Anyway, they don't give to the accuse one the opportunity to defend.
posted on Oct 22, 2012, 11:11 AM 0
Posts: 6330; Member since: Mar 31, 2010
This is just an article to attract certain pro-apple readers - like flies to ....well, you know....which pro apple readers I am referring to here - I have used Android since june 21, 2010 and never had an issue with getting hacked or someone using my info to buy something. Just surfing a website on your PC, especially with IE, can do this.
posted on Oct 22, 2012, 5:56 PM 1
Posts: 394; Member since: Feb 02, 2011
The biggest security issue: the user. iOS has equal, if not more, non-tech savvy users, which makes it a much bigger security risk. There is a reason why the US military, governments, and other corporations are using their own version of Android. It's open source, so you can customize the level of security to be whatever you need it to be.
posted on Oct 23, 2012, 12:58 PM 0
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):