
Research exposes vulnerabilities in popular free Android apps

According to a study, around eight per cent (1,074) of Google Play's 13,500 most popular free apps are susceptible to man-in-the-middle (MITM) attacks.

Researchers from the University of Hanover and the Philipp University of Marburg built a tool called MalloDroid, designed to detect apps whose SSL/TLS code is potentially vulnerable to MITM attacks. The issues it identified were "widespread and serious."

By creating a fake Wi-Fi hotspot, the scientists were able to accumulate valuable details, such as those of email accounts, bank accounts and social media logins, as well as disable security programs and execute code in order to command particular apps to behave in certain ways.

Additionally, they succeeded in manipulating requests to transfer funds, even managing to conceal the changes from users.

According to Google Play, the cumulative number of installs of the apps with MITM vulnerabilities lies between 39.5 million and 185 million.

A MalloDroid app is currently under construction and will be introduced to Android users when a complete version becomes available.

Google has not yet commented on the findings.

Aatif is a freelance copywriter and journalist based in the UK. He’s written about technology, science and politics for publications including Gizmodo, The Independent, Trusted Reviews, Newsweek, and ITProPortal.