Android APPs Found To Be Leaking Private Data.
Researchers at Leibniz University of Hannover and Philipps University of Marburg in Germany have recently published findings stating that they have discovered a number of Android Apps currently available for download are subject to major encryption issues/flaws.
These 41 Apps in the Google Play Store are said to be leaking sensitive data such as credit card information, social networking passwords and email content. During the study researchers used a Samsung Galaxy Nexus smart-phone operating on Android 4.0 Ice Cream Sandwich and downloaded over 13,000 free Apps for testing, over 1,000 of these Apps were found to contain code that is potentially vulnerable to “man-in-the-middle” (MITM) attacks allowing cyber criminals to intercept messages or data that is supposed to be private and secure.
The team manually audited 100 of the downloaded APPs and found that they were able to successfully launch attacks on 41 of them.
The researchers issued the following statement…
“Of the 100 apps selected for manual audit, 41 apps proved to have exploitable vulnerabilities, we could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted.” After retrieving the information, the team said they were “able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.”
The researchers did not name the vulnerable APPs but did state that they had successfully attacked a popular cross-platform messaging service which has a user base of between 10 and 50 million users and successfully obtained telephone numbers from users address books.