http://mashable.com/2012/10/22/android-apps-leaking-security-data/
Here's some bad news for Android users: Researchers have uncovered 41 Android apps in the Google Play store that are leaking sensitive data, ranging from credit card information and email content to social networking site passwords, new research suggests.
Researchers at Leibniz University of Hannover and Philipps University of Marburg in Germany have released findings that indicate various Android apps currently available for download are subject to major encryption issues. (Note: The study was only conducted among Android apps, but app security issues are likely to pop up on other platforms, as well).
The team used a Samsung Galaxy Nexus smartphone operating on Android 4.0 Ice Cream Sandwich to conduct testing and began the study by downloading 13,500 free apps. About 1,074 apps, or 8% of the sample, contained code that was potentially vulnerable to man-in-the-middle (MITM) attacks, which allow a cybercriminal to intercept a message or data that is assumed to be private and secure.
The team did a manual audit of 100 of those apps and was able to successfully launch attacks against 41.
"Of the 100 apps selected for manual audit, 41 apps proved to have exploitable vulnerabilities," the researchers said. "We could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted."
After retrieving the information, the team said they were able to inject virus signatures into an anti-virus app to detect arbitrary apps as a virus or disable virus detection completely.
Although the researchers didn't name the apps, they provided some details on certain services. For example, they successfully attacked a very popular cross-platform messaging service which has a user base between 10 and 50 million users and were able to obtain telephone numbers from users' address books.
Also at risk is an app for a popular Web 2.0 site with an install base of 500,000 to 1 million users.
"When using a Facebook or Google account for login, the app initiates OAuth login sequences and leaks Facebook or Google login credentials," the research said.
Google declined to comment on the study.
Another link on the subject: http://www.bbc.co.uk/news/technology-20025973