Android apps may leak personal data

Android apps may leak personal data

Millions of people are using Android applications for both personal and enterprise purposes that can be tricked into revealing personal data, according to a new study.

A team of researchers at Leibniz University of Hanover and the computer science department at the Philipps University of Marburg investigated 13,500 Android apps found that almost eight per cent failed to protect bank accounts and social media logins.

The scientists also discovered that some hackers are creating a fake Wi-Fi hotspot using a specially created tool to capture login details for online bank accounts, email services social media sites and corporate networks.

This finding is of particular interest to businesses allowing their staff to use their own devices. Educating employees to use only safe and secure wireless networks is vital for businesses.

As the BYOD (bring your own device) trend continues to grow in the UK and around the world it is vital that staff and employers are prepared for the security challenges the trend presents.

A recent survey by Ovum, which questioned over 4,000 IT professionals around the globe, found that companies are still underprepared to secure personal devices being used by employees for enterprise purposes.

Researchers also created their own fake Wi-Fi hotspot and tricked a number of Android apps, disabling security programs and fooling them into labelling secure apps as infected.

It was also possible to inject computer code into the data stream that made apps carry out specific commands, which could cause data leaks and breaches of sensitive information.

"About half of the participants could not judge the security state of a browser session correctly," the researchers wrote.

"Most importantly, research is needed to study which counter-measures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."

Some of the apps tested, which leaked data from devices, had been downloaded millions of times, the researchers said and a follow-up survey of 754 people suggests users could struggle to spot when they were at risk.