Sign in with
Sign up | Sign in

Thousands of Android Apps May Leak Personal Data

By - Source: BBC | B 21 comments

Some of the apps have been downloaded millions of times.

Research has indicated that several thousand Android apps trick users into divulging personal data.

Scientists carried out an investigation where they tested a total of 13,500 Android apps and found that almost 8 percent failed to protect both social media logins and bank account logins.

Researchers from the security group at the University of Leibniz, as well as the computer science department at the Philipps University of Marburg conducted the research by testing the most popular apps found in Google's Play store. Some of the apps in question had been downloaded millions of times, the researchers said.

Through the creation of a fake Wi-Fi hotspot, as well as utilizing a specific attack tool that spies on the data the apps sent, the researchers could:

  • Capture login details for online bank accounts, email services, social media sites and corporate networks
  • Disable security programs or fool them into labeling secure apps as infected
  • Inject computer code into the data stream that made apps carry out specific commands
In addition, an attacker could re-direct a request to transfer funds. They could also it look like the app was proceeding the transaction without any change.

"About half of the participants could not judge the security state of a browser session correctly," the researchers said. "Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."

There have been several security issues relating to Google's open Android mobile platform through suspicious apps. For example, an Android security flaw had the ability to erase all data.

While it has yet to respond to the researchers' findings, Google is said to be working on integrating a built-in Android malware scanner.



Contact Us for News Tips, Corrections and Feedback         
Discuss
Display all 21 comments.
This thread is closed for comments
  • -8 Hide
    robochump , October 23, 2012 11:48 PM
    otacon72Slam iOS all you want but I'd rather be running that then have to deal with all the malware and security holes Android has. You can blame it in the app developers all you want but Android is an inherently unsecure OS. Let the Android fanboy thumb downs begin!


    Dont take it too serious, its all in nerdy fan boyism fun for either camp though Tom's is more Anti-Apple than most sites....heh.
  • -7 Hide
    otacon72 , October 23, 2012 11:53 PM
    robochumpDont take it too serious, its all in nerdy fan boyism fun for either camp though Tom's is more Anti-Apple than most sites....heh.


    I'll never buy an Apple computer but I own the iPhone5. Was with RIM for years but wanted something different. Tried Android but I shouldn't have to hack my phone to uninstall bloatware. Tried the iPhone5 and I was sold. I have very large hands and I found the S3 too big. If I want something larger than the iP5 I'll get a tablet.
  • 8 Hide
    joytech22 , October 24, 2012 12:02 AM
    Android is already very secure, before installing applications you have to AGREE to install the applications with the permissions required to run the application.

    Second - Android is fairly secure for an open OS, where flaws can be found within the source code by malicious users.

    Third - Every OS has SOME security issues

    Fourth - In order for the data to be leaked, you have to be using the specific applications vulnerable to this as well as be connected to a fake WiFi hotspot. Most people use their mobile data over WiFi networks on their daily commutes.
  • 7 Hide
    joytech22 , October 24, 2012 12:10 AM
    robochumpGlad I have iOS and Apple is strict on Apps for a reason (too many evil doers!!! heh). OK iHaters thumbs me down....woot!!!


    You don't understand how this stuff works do you.
    Back to your toys then.
  • 7 Hide
    Kami3k , October 24, 2012 12:34 AM
    otacon72I'll never buy an Apple computer but I own the iPhone5. Was with RIM for years but wanted something different. Tried Android but I shouldn't have to hack my phone to uninstall bloatware. Tried the iPhone5 and I was sold. I have very large hands and I found the S3 too big. If I want something larger than the iP5 I'll get a tablet.


    Nexus phone.

    Wow, that was so hard, NOT!
  • -7 Hide
    robochump , October 24, 2012 12:49 AM
    joytech22You don't understand how this stuff works do you.Back to your toys then.


    Its so complicated...lol. Apple, Google, and MS all have development tools ,rules, and guidelines for App submission and approval. Most know Droid is based on Linux (freeware) which is fairly secure and iOS which is based on UNIX, very secure but no matter how secure as OS is, poor coding will easily be attacked through its flaws.

    The App developers are mostly to blame for insecure Apps but Google allowing their insecure Apps to make it to their store is fail too.
  • 9 Hide
    ddpruitt , October 24, 2012 1:05 AM
    otacon72Slam iOS all you want but I'd rather be running that then have to deal with all the malware and security holes Android has. You can blame it in the app developers all you want but Android is an inherently unsecure OS. Let the Android fanboy thumb downs begin!


    All systems have malware. I remember the exact same argument with MacOS, then they had this problem:

    http://abcnews.go.com/blogs/technology/2012/04/mac-os-x-report-virus-infects-600000-computers/

    While the OS has a major effect, the behaviour of the user makes the biggest difference. On top of that you could have issues outside the OS, like browser problems and bugs. And as of right now Google is working on an anti-malware product, no such thing from Cupertino yet.
  • 5 Hide
    house70 , October 24, 2012 1:06 AM
    Linux is based on UNIX; the strength of security of these OSes is fairly similar.

    Interesting how they had to utilize the equivalent of an artillery barrage to "expose" a security flaw. Kinda like using a power-tool to crack open a nut and then complaining that the nut was not strong enough.

    " They could also it look like the app was proceeding the transaction without any change." - What the f... was that? Zak, if you're gonna troll, at least do it in English.

    @joytech22 - dude, you're wasting your breath. Besides, it's a good thing when people admit their limitations. To each his own. See below.

    About this "study": looks like they tried really hard to crack this nut open; given the scarcity of funds in academia, I can't help but wonder who funded this?

    Mentioning that so-called security flaw that could erase all data again and again proves that Zak has no clue what he's talking about. I have explained in detail before why that is, I will only state again that no app can self-install on Android and no app can be installed without explicit permissions given. That's how it works. Stupid people will do stupid things with their phones and then complain about the lack of security (and that's why is good to see some that have acknowledged their limits and regressed to simpler things).
    Q.O.D.
  • 8 Hide
    house70 , October 24, 2012 1:09 AM
    ddpruittAll systems have malware. I remember the exact same argument with MacOS, then they had this problem:http://abcnews.go.com/blogs/techno [...] computers/While the OS has a major effect, the behaviour of the user makes the biggest difference. On top of that you could have issues outside the OS, like browser problems and bugs. And as of right now Google is working on an anti-malware product, no such thing from Cupertino yet.

    Forgot to mention how at every single Black hat conferences the "very secure" OSX (upon which iOS is built) is always the first one to bite the dust.
  • 7 Hide
    vishnusivathej , October 24, 2012 1:47 AM
    I guess this post is more intended to turn the people towards apple with their new products...

    am i true toms???????
  • -5 Hide
    reprotected , October 24, 2012 2:55 AM
    robochumpDont take it too serious, its all in nerdy fan boyism fun for either camp though Tom's is more Anti-Apple than most sites....heh.

    Or the intelligence and mentality is comparable to 14 year old kids who plan to change the world of technology by telling everyone that they bought an Android phone and that iPhone's are stupid rather than get a degree in engineering or compsci.

    otacon72I'll never buy an Apple computer but I own the iPhone5. Was with RIM for years but wanted something different. Tried Android but I shouldn't have to hack my phone to uninstall bloatware. Tried the iPhone5 and I was sold. I have very large hands and I found the S3 too big. If I want something larger than the iP5 I'll get a tablet.

    Potentially the most intelligent comment in all Tom's Hardware article posts. I like the size of the iPhone's compared to my Galaxy S II. I used the iPod touch for 2 years, since day one, was adapted to the keyboard. Galaxy S II, although adapted to a certain extent, cannot compare to the smaller width of the iProducts. If there was an Android that was comparable to the size of an iPhone and not sluggish like those 1 ghz single core phones, I would be the happiest Android user alive. You sir have just increased the IQ of article posters in Tom's Hardware. I applaud.

    Kami3kNexus phone.Wow, that was so hard, NOT!

    Have you ever even seen a Nexus phone?

    To Tom's Hardware editors: Make more Apple news.
  • -3 Hide
    killerclick , October 24, 2012 6:40 AM
    This article is brought to you Microsoft.
  • 0 Hide
    classzero , October 24, 2012 1:00 PM
    Say it ain't so Google!
  • -3 Hide
    bllue , October 24, 2012 1:41 PM
    I'm not surprised. Android is the least secure of 3 big ones
  • 2 Hide
    jerm1027 , October 24, 2012 2:15 PM
    vishnusivathejI guess this post is more intended to turn the people towards apple with their new products...am i true toms???????

    It's Zak Islam in particular. Many users have pointed out this trend of bashing every product except ones made by Apple. I take the articles he writes with a grain of salt.
  • 2 Hide
    jerm1027 , October 24, 2012 2:20 PM
    bllueI'm not surprised. Android is the least secure of 3 big ones

    Android's attacks has more to do with user incompetence than lack of security. Android is built on a Linux kernel, Linux being more secure than either Mac OS X and Windows. Again, with every app installed, it lists all the permissions the app is going to need, and the user has to explicitly click "install." The problem is even if the a permission states "collect all private data and sell it on the internet", most people would still click install.
  • 1 Hide
    house70 , October 24, 2012 3:21 PM
    bllueI'm not surprised. Android is the least secure of 3 big ones

    Trollalalalalala....
  • -1 Hide
    bigdog44 , October 24, 2012 3:45 PM
    The excuse that its the users fault is no excuse. Just because the user has to give permission for an app to install, doesnt mean that even if user isnt too lazy to read the permissions, that they understand what the permissions will affect. An OSs security needs to account for the techno-illiterate if they truly care about the end-user and want to have a large secure install base.
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter