Skip to main content

Gmail smartphone app on Android hacked by US researchers

Google's Gmail app on Android smartphones has fallen victim to the hacks of US researchers who managed to access Gmail accounts in 92 per cent of cases.

The researchers were able to access several apps, including Google's popular email service, by disguising harmful software as another app – and Gmail happened to be one of the easiest to access.

While this hack was carried out on an Android phone, the team believes that it could be performed on all smartphones.

Read more: Should you use antivirus protection on your Android device?

"Third-party research is one of the ways Android is made stronger and more secure," said a Google spokesperson, the tech giant having reportedly welcomed the findings.

The research is to air at a cybersecurity event in San Diego, two academics from the universities of California and Michigan on presentation duties.

The other affected apps included Newegg, Chase Bank, WebMD, H&R Block, and Amazon – which, with a 48 per cent success rate, was the hardest to crack.

The hack works by getting into the shared memory of a user's smartphone with malicious software disguised as an apparently normal app. By monitoring the shared memory, the researchers could see when a user was operating apps such as Gmail, providing a window to steal passwords and login details.

"The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the hacking team.

"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."

Read more: 10 apps you must download for your Android smartphone

Apple and Windows smartphones use shared data in the same way as Android, the team say, suggesting the hack could be used elsewhere.