Some of the apps have been downloaded millions of times.
Research has indicated that several thousand Android apps trick users into divulging personal data.
Scientists carried out an investigation where they tested a total of 13,500 Android apps and found that almost 8 percent failed to protect both social media logins and bank account logins.
Researchers from the security group at the University of Leibniz, as well as the computer science department at the Philipps University of Marburg conducted the research by testing the most popular apps found in Google's Play store. Some of the apps in question had been downloaded millions of times, the researchers said.
Through the creation of a fake Wi-Fi hotspot, as well as utilizing a specific attack tool that spies on the data the apps sent, the researchers could:
- Capture login details for online bank accounts, email services, social media sites and corporate networks
- Disable security programs or fool them into labeling secure apps as infected
- Inject computer code into the data stream that made apps carry out specific commands
"About half of the participants could not judge the security state of a browser session correctly," the researchers said. "Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."
There have been several security issues relating to Google's open Android mobile platform through suspicious apps. For example, an Android security flaw had the ability to erase all data.
While it has yet to respond to the researchers' findings, Google is said to be working on integrating a built-in Android malware scanner.
Contact Us for News Tips, Corrections and Feedback