Skip to main content

Large number of Play Store apps vulnerable to Man-In-The-Middle attacks

A significant proportion of Google Play's most downloaded Android applications are susceptible to Man-In-The-Middle (MITM) attacks, according to the latest research.

The FireEye Mobile Security Team revealed that a large number of the apps that it analysed were vulnerable to attackers intercepting communications.

Read more: Ask the expert: 5. What's the future of mobile security?

The team reviewed the 1,000 most-downloaded free apps from the store, as of 17 July 2014, and found that 674 (approximately 68 per cent) of them contained one of the three SSL vulnerabilities that it studied.

The apps allow attackers to intercept data exchanged between the Android device and a remote server, enabling hackers to steal sensitive information such as, usernames, passwords, device IDs, and photos. An attacker would also be able to hold a user's data for ransom using a denial of service attack, or inject malicious files into the vulnerable application.

FireEye found that most of these vulnerabilities emerged from security configurations built into ad libraries that developers use when they don't want to develop one themselves.

The team also revealed that it notified the developers of any vulnerable apps, who acknowledged the issue and addressed them in subsequent versions of the application.

Read more: Report: Half of Brits worry about mobile security

However, with the estimated number of apps available on the Google Play Store exceeding one million, the chances are that many more remain susceptible to MITM attacks. Consumers may be concerned that developers aren't doing enough to limit the number of vulnerabilities before apps are made available to download.