Android Apps 'leak' personal details
Tuesday 23rd October 2012 | Shavy
Research indicates that Android apps can be tricked to reveal personal details.
Are you an Android user? Then you must be downloading various apps? But did you know that you might make your personal details public?
The scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins. The research was conducted by the researchers from the security group at Leibniz University of Hanover and the computer science department at the Philipps University of Marburg. They tested the most popular apps in Google's Play store.
Researchers explained that these apps are not able to implement standard scrambling systems and when the devices communicate with websites these apps allow "man-in-the-middle" to reveal data while passing the information back and forth. Some of these apps tested had been downloaded millions of times, the researchers said.
They explained further that by creating a fake wi-fi hotspot and using a specially created attack tool to spy on the data the apps sent via that route, they were able to:
-
capture login details for online bank accounts, email services, social media sites and corporate networks
-
disable security programs or fool them into labelling secure apps as infected
-
inject computer code into the data stream that made apps carry out specific commands
Something really unsafe is that an attacker could even transfer funds from your account, while making it look to you like the transaction was proceeding unchanged.
Moreover, "about half of the participants could not judge the security state of a browser session correctly," the researchers wrote.
So be careful when you input your personal details in your favourite apps. It might get leaked.
By Shavy Malhotra