Test of 13,500 popular apps in Google Play Store raises questions about Android security
Millions of people using Android devices could be at risk because legitimate apps don't properly secure personal data, a new study has found.
Tests on 13,500 of the most popular legitimate apps in the Google Play Store, carried out by researchers at Leibniz and Philipps Universities in Germany, found that the information these apps gathered could easily be intercepted.
The study said "billions of apps" had been downloaded. And while many "have a legitimate need to communicate over the internet and are then responsible for protecting potentially sensitive data during transit", developers have not put in basic security precautions such as encrypting information when it is transferred.
According to the researchers, who set up a fake Wi-Fi hotspot and created an attack tool, information such as login details for bank accounts, social media sites and emails was easily intercepted.
They also found that they could carry out man-in-the-middle attacks. In one such attack, criminals alter the amount a person is transferring between accounts, so that, for example, £50 is changed to £500. With these attacks the user never sees the change until their bank statement arrives.
The researchers could also disrupt mobile security programs, for example by disabling them or making them think secure apps were malicious.
Although they found that the default Android browser displays "meaningful error messages", this still "relies on the ability of the user to understand what the displayed warning messages mean and what the safest behaviour is".
The teams' follow-up research found, however, that people still often didn't understand the dangers and half of the 754 users surveyed struggled to spot they were at risk.
With the ongoing problem of rogue apps, the study concluded that: "... research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."