Thousands of Android Apps May Leak Personal Data
Some of the apps have been downloaded millions of times.
Research has indicated that several thousand Android apps trick users into divulging personal data.
Scientists tested a total of 13,500 Android apps and found that almost 8 percent failed to protect both social media logins and bank account logins.
Researchers from the security group at the University of Leibniz, as well as the computer science department at the Philipps University of Marburg, conducted the research by testing the most popular apps found in Google's Play store. Some of the apps in question had been downloaded millions of times, the researchers said.
By creating a fake Wi-Fi hotspot and using a specific attack tool that spies on the data the apps sent, the researchers could:
- Capture login details for online bank accounts, email services, social media sites and corporate networks
- Disable security programs or fool them into labeling secure apps as infected
- Inject computer code into the data stream that made apps carry out specific commands
"About half of the participants could not judge the security state of a browser session correctly," the researchers said. "Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."
There have been several security issues relating to Google's open Android mobile platform through suspicious apps. For example, an Android security flaw had the ability to erase all data.
While it has yet to respond to the researchers' findings, Google is said to be working on integrating a built-in Android malware scanner.

Don't take it too seriously, it's all in nerdy fan boyism fun for either camp though Tom's is more Anti-Apple than most sites....heh.
I'll never buy an Apple computer but I own the iPhone5. Was with RIM for years but wanted something different. Tried Android but I shouldn't have to hack my phone to uninstall bloatware. Tried the iPhone5 and I was sold. I have very large hands and I found the S3 too big. If I want something larger than the iP5 I'll get a tablet.
Second - Android is fairly secure for an open OS, where flaws can be found within the source code by malicious users.
Third - Every OS has SOME security issues
Fourth - In order for the data to be leaked, you have to be using the specific applications vulnerable to this as well as be connected to a fake WiFi hotspot. Most people use their mobile data over WiFi networks on their daily commutes.
You don't understand how this stuff works do you.
Back to your toys then.
Nexus phone.
Wow, that was so hard, NOT!
It's so complicated...lol. Apple, Google, and MS all have development tools, rules, and guidelines for App submission and approval. Most know Droid is based on Linux (freeware) which is fairly secure and iOS which is based on UNIX, very secure but no matter how secure an OS is, poor coding will easily be attacked through its flaws.
The App developers are mostly to blame for insecure Apps but Google allowing their insecure Apps to make it to their store is fail too.
All systems have malware. I remember the exact same argument with MacOS, then they had this problem:
http://abcnews.go.com/blogs/technology/2012/04/mac-os-x-report-virus-infects-600000-computers/
While the OS has a major effect, the behaviour of the user makes the biggest difference. On top of that you could have issues outside the OS, like browser problems and bugs. And as of right now Google is working on an anti-malware product, no such thing from Cupertino yet.
Interesting how they had to utilize the equivalent of an artillery barrage to "expose" a security flaw. Kinda like using a power-tool to crack open a nut and then complaining that the nut was not strong enough.
" They could also it look like the app was proceeding the transaction without any change." - What the f... was that? Zak, if you're gonna troll, at least do it in English.
@joytech22 - dude, you're wasting your breath. Besides, it's a good thing when people admit their limitations. To each his own. See below.
About this "study": looks like they tried really hard to crack this nut open; given the scarcity of funds in academia, I can't help but wonder who funded this?
Mentioning that so-called security flaw that could erase all data again and again proves that Zak has no clue what he's talking about. I have explained in detail before why that is, I will only state again that no app can self-install on Android and no app can be installed without explicit permissions given. That's how it works. Stupid people will do stupid things with their phones and then complain about the lack of security (and that's why it's good to see some that have acknowledged their limits and regressed to simpler things).
Q.O.D.
Forgot to mention how at every single Black Hat conference the "very secure" OSX (upon which iOS is built) is always the first one to bite the dust.
am i true toms???????
Or the intelligence and mentality is comparable to 14 year old kids who plan to change the world of technology by telling everyone that they bought an Android phone and that iPhones are stupid rather than get a degree in engineering or compsci.
Potentially the most intelligent comment in all Tom's Hardware article posts. I like the size of the iPhones compared to my Galaxy S II. I used the iPod touch for 2 years, since day one, was adapted to the keyboard. Galaxy S II, although adapted to a certain extent, cannot compare to the smaller width of the iProducts. If there was an Android that was comparable to the size of an iPhone and not sluggish like those 1 GHz single core phones, I would be the happiest Android user alive. You sir have just increased the IQ of article posters in Tom's Hardware. I applaud.
Have you ever even seen a Nexus phone?
To Tom's Hardware editors: Make more Apple news.
It's Zak Islam in particular. Many users have pointed out this trend of bashing every product except ones made by Apple. I take the articles he writes with a grain of salt.
Android's attacks have more to do with user incompetence than lack of security. Android is built on a Linux kernel, Linux being more secure than either Mac OS X or Windows. Again, with every app installed, it lists all the permissions the app is going to need, and the user has to explicitly click "install." The problem is even if a permission states "collect all private data and sell it on the internet", most people would still click install.
Trollalalalalala....