Apps used by millions of users susceptible to email and password theft

October 22, 2012
5

A new security breach has been found in many Android apps that could compromise users' email accounts, bank information, and social networking credentials. The cause of this is inadequate encryption protections, according to a new research study. This could cause some serious security concerns for users of these apps.


In all, there are 41 apps called to attention in this study. Sadly, the researchers did not cite specific applications that have this weakness, but they did say the apps in question have been downloaded somewhere between 39.5 million and 185 million times, based on Google's statistics. This could definitely be something Android users need to keep an eye on, as broadcasting your private data to malicious individuals is never a good thing.

The researchers said that Google could take steps to prevent this from happening, but they did not say whether any of the apps in question were developed by Google directly. They did say that in their testing they were able to get "bank account information, payment credentials for PayPal, American Express and others." They were also able to get access to "Facebook, email and cloud storage credentials and messages . . . access to IP cameras was gained and control channels for apps and remote servers."

The researches downloaded 13,500 free apps from Google Play to perform its testing. Unfortunately, without specific apps listed, it's hard for Android users to know which apps they should worry about. There's no guarantee that your information will be compromised even if you use these apps, but it certainly something to keep your eye on when using an app that requires access to your private information.

[via ArsTechnica]


Recent Stories

  • daehder

    I would have thought that if it was as huge a problem as they say it is that they would make the apps known or inform Google of these apps security risks.

    It’s very difficult to take these studies seriously if they only output the scaremongering without evidence. What is worse is that journalists put it out into the world as factual.

  • BobQ

    Daehder, you are correct. Why state there are atleast 41 apps that can comprise your private info and don’t let us know what it is. This site is just trying to grab our attention for displaying their ads.

  • crankyd00d

    To me it sounds like this “research” was funded by the likes of Apple or Microsoft. Release the names of the apps so we can bitch at the developers and get it fixed, otherwise what a waste of everybody’s time

    • fsd717

      I’m very well agree with you on this one but more likely coming from the fruit company I think.

  • dg

    This is a standard “man in the middle” vulnerability. The apps in question are not using adequate security when communicating across the internet. This is not an “Android problem”, the same concerns exist with iOS or even desktop apps.

    This report is useless. Things will only change if the app developers are shamed into doing things correctly. This requires publishing the names of the apps.