Up to 185 million Android users could be putting their personal data at risk, according to researchers at the University of Leibniz and University of Marburg, Germany. Following an analysis of the top 13,500 apps currently available on the Google Play store, they discovered 41 that are vulnerable to SSL certificate attacks that could yield users' details.
Android mascots are lined up in the demonstration area at the Google I/O Developers Conference in the Moscone Center in San Francisco, California. Credit: Reuters/Beck Diefenbach
Armed with a fake wi-fi hotspot and the right software, the researchers were able to capture details including logins for email and other accounts and bank details, and to insert their own malware, which gave them control of the app and the data it gathered and shared. The researchers have not revealed the names of the apps in question.
As these apps are most vulnerable when used over a non-secure connection, the authors of the study followed up their findings with a survey of 745 subjects to see if they understood the risks of using a public (i.e. unsecured or unprotected) internet connection, such as a public wi-fi hotspot. The survey found that while most respondents believed that they were quite tech savvy, 47.5% of subjects who did not work in IT were unable to tell when a connection was secure or insecure.