One find morning you woke up feeling blissfully happy, just to realize later that your bank account is siphoned off by some miscreants. Sounds like a scary movie but believe me this can happen to anyone given the kind of information we are sending and receiving while on the move via our cell phone. But it is the unsecured net connection that you should be blaming squarely all the time for all the mishaps. Nope, it is the apps available in Google Play store that may be behind these. Yes, accordingly to a research conducted by German university researchers has revealed the fact that approximately 10s of millions of users at present are vulnerable to external and internal attacks.
The improper implementation of security protocol used while communicating with web browsers is probably the one of the major reason of security breaches. Of thousands of free applications available in Google Play store, 8% of them seem to very much vulnerable to attacks. Though mobile apps available in Google Play store are using trusted transport layer security (TLS) while sending and receiving information, few flaws in the implementation are making the whole process susceptive to external attacks.
Though the research paper where such claims have been made is not available for read, an overview of the whole research paper is available here. In the analysis, researchers have analyzed over 13,500 popular free apps available on Google play and surprisingly, 1,074 apps seem to bear some possibilities of their security being compromised at certain point of time. Researchers have used an ingeniously developed tool code named as MalloDroid, which is powerful enough to locate some shortcomings in an app like – Threatpost, SSL bugs etc lead to big compromise on the security front.
However, if this is not enough, the researchers have manually audited 100 apps and among them 41 apps seem to be very much vulnerable to MITM attacks. Those of you who are doubtful of the figures, let me remind them that the actual number can be larger than what it appears. Researchers have managed to get all the credentials for WordPress, IBM Sametime, Microsoft Live ID, Yahoo, Google, Diners Club, American Express etc and if this makes you uncomfortable, here is something more. The researchers have also successfully managed to disable the Anti-virus application and then remotely injecting some codes. Now, this is something that can unsettle you.
Nno comment on this issue has made by Google made yet. However, some experts are of the opinion that the problem has its root on the development process. Some developers simply do not know how to implement SSL properly and this improper implementation of SSL eventually lead to security issue. And what is all the more intriguing is the fact that some developers skip the SSL thing in the beta version of the application altogether and when the application becomes fully available, they still continue to skip the SSL. Another major flaw in the security is – SSL is itself very fragile and therefore, the security of the application will always be at stake.
Michael Evans is a passionate writer and social media analyst. He is currently associated with WebArts, a Web Design company in Cyprus.