Even popular Android apps might leak personal data, study reveals
In particular, these apps were discovered to expose the user's data at risk while a device running Android 4.0 is communicating with a web server. What's even more worrying is that these insecure apps were among the most popular ones on Google Play, being downloaded between 39.5 million and 185 million times already. The names of the applications were not disclosed.
"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote after conducting their study. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted." The contents of e-mails and instant messages could also be accessed.
But how could one use these apps' security flaws to their advantage? Simply put, if an Android smartphone or a tablet is connected to a vulnerable local area network, such as a Wi-Fi hotspot, an attacker could potentially crack the security protocols used by the apps and snoop on the data they exchange. Sure, the attacker will need to have a certain exploit monitoring the activity on the network, but obtaining access to such a tool isn't as hard as it may seem.
Scary stuff, we know, which is why there should be more awareness amongst developers about implementing proper security features within apps, as the researchers suggest. There are certain methods that can make security protocols tougher to crack, or the apps could simply be checked for vulnerabilities at the time they are being installed. In fact, Google is said to have ramped up security in Android 4.2, thus likely making the platform more resistant to hacks like the one described above. What measures have been taken, however, will be known with certainty in a few days – On October 29, to be more specific, which is when a new Android release is probably going to be unveiled.
source: Ars Technica via Textually
Posts: 430; Member since: Apr 06, 2012
posted on Oct 22, 2012, 7:40 AM 3
posted on Oct 22, 2012, 8:45 AM 2
Posts: 91; Member since: Jul 04, 2012
posted on Oct 22, 2012, 1:27 PM 1
Posts: 621; Member since: May 07, 2012
posted on Oct 22, 2012, 7:45 AM 0
posted on Oct 22, 2012, 8:43 AM 2
Posts: 1946; Member since: Feb 15, 2012
posted on Oct 22, 2012, 9:35 AM 0
Posts: 78; Member since: Aug 17, 2011
posted on Oct 22, 2012, 7:51 AM 2
Posts: 6330; Member since: Mar 31, 2010
posted on Oct 22, 2012, 8:08 AM 3
Posts: 5993; Member since: Dec 22, 2010
posted on Oct 22, 2012, 8:37 AM 1
Posts: 12; Member since: Oct 22, 2012
posted on Oct 22, 2012, 10:03 AM 0
Posts: 90; Member since: Aug 27, 2012
posted on Oct 22, 2012, 9:12 AM 0
Posts: 299; Member since: Oct 21, 2011
posted on Oct 22, 2012, 11:11 AM 0
Posts: 6330; Member since: Mar 31, 2010
posted on Oct 22, 2012, 5:56 PM 1
Posts: 394; Member since: Feb 02, 2011
posted on Oct 23, 2012, 12:58 PM 0
PhoneArena Comments Rules
A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
- Off-topic talk - you must stick to the subject of discussion
- Trolling - see a description
- Flame wars
- Offensive, hate speech - if you want to say something, say it politely
- Spam/Advertisements - these posts are deleted
- Multiple accounts - one person can have only one account
- Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):