According to the BBC, thousands of apps in the Play Store have failed to implement standard scrambling systems, and so fail to protect bank account and social media logins. Scientists tested 13,500 Android apps, and approximately eight percent of them failed, revealing data that is supposed to be secure when communicating with websites.
The most popular apps in the Google Play store were tested by science departments from the University of Marburg and the Leibniz University of Hamburg. Using a fake Wi-Fi hotspot and a special attack tool similar to malware, the researchers were able to alter many aspects of the apps and change commands. They were also able to retrieve login details for bank accounts, email services and corporate networks, and were able to disable security programs.
Redirecting a request to transfer funds, while making it look as though the transaction was proceeding unchanged, also proved easy to do, all without the app user becoming aware of it. A follow-up survey of 754 people used for the experiment showed that users could struggle to know when and if they were at risk. The research revealed that the majority of Android users would be completely unaware of their data being accessed.
The researchers said that “about half of the participants could not judge the security state of a browser session correctly. Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale.”
This represents millions of users whose data could be affected, stolen or changed. Google has not responded or commented on the research and findings.