Even popular Android apps might leak personal data, study reveals

Are Android apps secure enough for us to let them handle our finances and personal information? Quite a few of them aren't, according to recent research that analyzed how well various applications protect the user's sensitive data. The study was conducted by the Leibniz University of Hannover, Germany, in partnership with the Philipps University of Marburg. The researchers came up with a list of 41 Android apps that should use tighter security measures.

In particular, these apps were discovered to put the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, having been downloaded between 39.5 million and 185 million times already. The names of the applications were not disclosed.

"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.

But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.

Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days: on October 29, to be more specific, which is when a new Android release is probably going to be unveiled.

source: Ars Technica via Textually



1. Raymond_htc

Posts: 430; Member since: Apr 06, 2012


9. Mxyzptlk unregistered

I think Google needs to focus less on social experience and instead focus on securing their OS. This is a pretty serious thing since everyone uses their smartphones for a lot of things. That's a lot of data there a hacker can utilize and that's not a good thing.

18. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

Google knows better than you.... Android 4.2 is going to be more secure than iOS or anything else.....

21. gallitoking

Posts: 4721; Member since: May 17, 2011

Too bad it won't be in all devices until 2015

22. Quezdagreat

Posts: 428; Member since: Apr 05, 2012

Ouch lol

19. easymomo

Posts: 91; Member since: Jul 04, 2012

This news is about the weakness of some protocols used by some popular Android apps ==> They need to use more secure protocols or encryption algorithms. In this case, the main problem is ... the developer, not Android or Google ... except for (Apple) fanboys

2. dickwyn

Posts: 621; Member since: May 07, 2012

so what are you trying to say PA

8. Mxyzptlk unregistered

Android has a big security problem where users' private and sensitive data is at a huge risk.

14. JunitoNH

Posts: 1946; Member since: Feb 15, 2012

There's an easy fix: don't use your Android device to conduct sensitive transactions. For example, I use Google Wallet, so I purchased a prepaid debit card and don't exceed $100, just in case something goes wrong. Furthermore, don't do any online banking, mortgage payments etc. with said device.

3. iliketech

Posts: 78; Member since: Aug 17, 2011

Wow, we should be concerned. What is Google doing about it? Certainly they should be doing something to make us feel safer using their operating system and phones with it on them... Surely they should be making a bold statement or action to improve privacy, not piracy.

5. networkdood

Posts: 6330; Member since: Mar 31, 2010

So, every study conducted on every subject is always correct? Yeah, do not react or overreact to any of this....

10. Mxyzptlk unregistered

Why shouldn't he react?

7. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Meh. Kind of like don't engage in risky behavior (hang out on unsecured hotspots) if you don't want the exposure. Of course, that increases carrier opportunity to bill you for data overages, but there are apps that monitor data use. In any event, it will be interesting to see what Google announces on the 29th. Security improvements are always welcome. Hopefully any security improvements don't impose usability burdens.

15. phonegeek2

Posts: 12; Member since: Oct 22, 2012

You make an excellent point. Whenever you connect up to a public insecure WiFi hotspot, there's always the potential risk. I always advocate for home secure wifi networks or yes, the secure usage from your carrier.

4. networkdood

Posts: 6330; Member since: Mar 31, 2010

Just using ANY smartphone can be a security risk...there...end of story...

6. networkdood

Posts: 6330; Member since: Mar 31, 2010

Reading P.A. articles has lowered the average reader's IQ by 10 points, says a study at Harvard conducted by Dr. Ezekiel Snodgrass....

11. Quezdagreat

Posts: 428; Member since: Apr 05, 2012

Google response: "you're downloading the apps wrong"

12. redsox420

Posts: 90; Member since: Aug 27, 2012

And they won't even name the apps that cause the problems? WTF?

13. Quezdagreat

Posts: 428; Member since: Apr 05, 2012

Too many to name

16. NexusKoolaid

Posts: 493; Member since: Oct 24, 2011

Probably to give the publishers time to patch the holes before they go public.

17. xtremesv

Posts: 299; Member since: Oct 21, 2011

I can also say that my extensive research showed that the top 50 apps in iOS have security problems but I won't reveal which. I suppose these kinds of companies sell that info. Anyway, they don't give the accused the opportunity to defend themselves.

20. networkdood

Posts: 6330; Member since: Mar 31, 2010

This is just an article to attract certain pro-Apple readers - like flies to ....well, you know....which pro-Apple readers I am referring to here - I have used Android since June 21, 2010 and never had an issue with getting hacked or someone using my info to buy something. Just surfing a website on your PC, especially with IE, can do this.

23. sgogeta4

Posts: 394; Member since: Feb 02, 2011

The biggest security issue: the user. iOS has equal, if not more, non-tech savvy users, which makes it a much bigger security risk. There is a reason why the US military, governments, and other corporations are using their own version of Android. It's open source, so you can customize the level of security to be whatever you need it to be.
