A recent study conducted by researchers at the University of Leibniz and the Philipps University of Marburg has found that nearly 8% of the 13,500 Android apps tested failed to protect personal information such as bank account and social media logins.
Researchers found that these unsecured apps lacked sufficient scrambling mechanisms to stop attackers from obtaining or diverting data that passes back and forth between the phone and the server.
According to the BBC, the researchers conducted the study on some of Google Play’s most popular apps, some of which have already been downloaded millions of times.
(Risk getting your bank account information stolen every time you check your balance.)
For the study, the researchers used a fake Wi-Fi hotspot and specially designed tools to “spy” on the data that the app sent and received via the hotspot. During the various phases of their study, researchers found that many apps failed to secure details regarding bank accounts, email services, social media, and corporate data. They also found that various Android apps can disable security programs and/or fool the system into thinking that a secure app is infected. Other more sophisticated tools can even inject specific code into the system, leading it to carry out possibly unwanted commands.
What’s even scarier is that the researchers found that an attacker could potentially redirect a request to transfer funds by exploiting the security holes in the apps.
In a follow-up survey, researchers found that many people could not recognize that their phone data was at risk of being hijacked.
“About half of the participants (out of 754 people) could not judge the security state of a browser session correctly,” said the researchers.