Millions of people are using Android apps that can be tricked into revealing personal data, research indicates.
Scientists tested 13,500 Android apps and found almost 8% failed to protect bank account and social media logins.
These apps failed to implement standard scrambling systems, allowing “man-in-the-middle” attacks to reveal data that passes back and forth when devices communicate with websites.
Google has yet to comment on the research and its findings.
Researchers from the security group at the University of Leibniz in Hanover and the computer science department at the Philipps University of Marburg tested the most popular apps in Google’s Play store.
By creating a fake wi-fi hotspot and using a specially created attack tool to spy on the data the apps sent via that route, the researchers were able to:
capture login details for online bank accounts, email services, social media sites and corporate networks
disable security programs or fool them into labelling secure apps as infected
inject computer code into the data stream that made apps carry out specific commands
An attacker could even re-direct a request to transfer funds, while making it look to the app user like the transaction was proceeding unchanged.
Some of the apps tested had been downloaded millions of times, the researchers said.
And a follow-up survey of 754 people suggests users could struggle to spot when they were at risk.
“About half of the participants could not judge the security state of a browser session correctly,” the researchers wrote.
“Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale.”
- Former NSMQ contestant, Francis Tetteh reported dead
- 13 reasons behind Akuapem Poloo’s sentencing
- NDC suspects doctoring of Techiman South election summary sheets
- Mahama must call sycophantic campaigners to order – Kunbuor
- Kuami Eugene reacts after KiDi said his communication is poor
- NRSA petitions MTTD to investigate Cocobod vehicle that broke traffic regulations
- We’re running into a credibility problem – Kunbour on unanswered calls for NDC’s election 2020 collated figures
- Stolen ring causes teenager’s finger to rot at Pantang
- Kuami Eugene describes critics of his attire during Range Rover presentation as shallow
- ECG to announce ‘dumsor’ timetable for works on Pokuase BSP
Ghana’s CEOs Summit to push for Digital Economy Act
ECG releases ‘dumsor’ timetable; outages to begin May 10
Choosing Alan or Bawumia as 2024 flagbearer may not augur well for NPP – Ben Ephson
Worawora Government Hospital appeal to residents to donate blood
Cadre’s influence in NDC dwindling – Ben Ephson
Sibi residents in Oti Region call on government for access to potable water
People of Shiari calls on government for development facelift
BoG implements policies to accelerate digital financial inclusion
Chelsea preparing to withdraw from European Super League
Teacher allegedly butchers man in Bono Region
Amasaman MP makes donation to Muslims to mark Ramadan celebration
Court rejects bail application of business executive held over spousal murder
Joy Sports team divided over European Super League
Majority of Ghanaians at risk of contracting Covid-19 if not vaccinated in next 2 to 3 months – Health experts
Regulatory environment revamped for innovative digital banking industry – 1st Deputy Governor