Security Holes Found On Android Apps

  • 41 identified Android apps
  • Downloaded 39.5 million to 185 million times
  • Certificate authorities and websites at fault

A team of computer scientists has found security holes on about 41 identified Android apps that are leaking important information as it goes from phone to end server.

  • 41 identified Android apps
  • Downloaded 39.5 million to 185 million times
  • Certificate authorities and websites at fault

A team of computer scientists has found security holes on about 41 identified Android apps that are leaking important information as it goes from phone to end server.

According to the study, about 185 million Android users may be affected by this- exposing online banking info and social network credentials along with email/IM contacts and content.

These identified apps have been downloaded 39.5 million to 185 million times. Researchers blame certificate authorities and websites for not putting in the proper protections.

These findings were presented by computer scientists from Germany's Leibniz University of Hannover and Philipps University of Marburg, at this week's Computer and Communications Security conference.

"We could gather bank account information, payment credentials for PayPal, American Express and others," the researchers wrote in their paper. "Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted."

In addition, most of the programs used in the study seemed to be free, third-party apps rather than the official versions from sites and services.

The team also said that none of the apps came directly or were made by Google themselves. However, Google's engineers can help make these apps secure by making it clearer to users when the connection provided by an app is encrypted and when it isn't.

Leave a Reply