Researchers taking a close look at 100 Android apps were able to hack into 41 of the programs to obtain credit card data and sensitive log-in information.
Some Android apps simply make it easy for attackers: Researchers at the Universities of Marburg and Hamburg examined 13,500 apps that are available on the Google Play platform. Of the programs they studied, eight percent proved vulnerable to a “man in the middle” attack. This involves a hacker pretending to be the communication partner and intercepting communication between the app and a server. This effectively circumvents the encryption mechanism that is in place via SSL or TLS.
Android apps are especially vulnerable
One hundred of the apps were selected for further study. According to the researchers, it was possible to obtain credit card data as well as sensitive log-in data for Facebook, WordPress, Twitter, and Google accounts from 41 of these programs. In some cases, external access even extended to the server or communication software like IBM Lotus Sametime.
The researchers did not name the apps they hacked, but they include several popular apps that have more than 185 million installations. Especially dangerous: Half of users can’t say whether their data is encrypted or not. In comparison to Apple’s strictly sealed-off App Store, Google Play is conceived of as an open platform. The vulnerability of Android apps, therefore, doesn’t surprise the researchers.