Researchers from the University of Hanover and the Philipp University of Marburg built a tool called MalloDroid, designed to detect potential vulnerabilities in apps employing SSL/TLS code to MITM raids. The issues it identified were "widespread and serious."
By creating a fake Wi-Fi hotspot, the scientists were able to accumulate valuable details, such as those of email accounts, banks accounts and social media logins, as well as disable security programs and execute code in order to command particular apps to behave in certain ways.
Additionally, they succeeded in manipulating requests to transfer funds, even managing to conceal the changes from users.
A MalloDroid app is currently under construction and will be introduced to Android users when a complete version become available.
Google has not yet commented on the findings.