Hackers Can Exploit Most Free Android Apps
- Jonathan Moore
- Aug 21, 2014 03:35 PM EDT
The Android app ecosystem's "open" policy of accepting the majority of apps that developers submit has left millions of users open to online attacks from hackers. While Apple's App Store maintains a much stricter policy for which apps it allows into its online market, Google has done sort of the opposite with Android. That's not to say Apple hasn't had its share of vulnerability issues, but with Android it just seems like their policy almost invites this sort of meddling by nefarious online individuals.
BGR reports that a recent study revealed 68% of the Google Play Store's top 1,000 free apps are vulnerable to what are known as man-in-the-middle attacks. Man-in-the-middle (MITM) attacks occur when a hacker intercepts messages between two collection points and then manipulates the transmission stream.
The research was conducted by a security firm called FireEye, and actually involved a larger analysis of up to 10,000 free Android apps. According to FireEye, the problem goes far beyond the 1,000 apps that were found to be most vulnerable.
The firm concluded that "Roughly 4,000 (40%) [of apps] use trust managers that do not check server certificates, exposing any data they exchange with their servers to potential theft." This can prove especially problematic when apps demand access to a user's sensitive information, like contacts, phone identity, call log, and camera and microphone access.
FireEye also stated that "around 750 (7%) applications use hostname verifiers that do not check hostnames, implying that they are incapable of detecting redirection attacks where the attacker redirects the server request to a malicious webserver controlled by the attacker. Finally, 1,300 (13%) do not check SSL errors when they use Webkit."
Developers have the ability to make sure there are safeguards in place to guarantee Android users' sensitive data isn't accessible to hackers. If an app doesn't do that, the developer is either ignorant or doesn't care--the latter being more troublesome since it could also mean such a lapse in security could be intentional. There's a lot of money to be made in the selling of personal information.
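A developer can audit their own code for the three weaknesses quoted above: a trust manager that accepts any certificate, a hostname verifier that accepts any hostname, and a WebView client that continues past SSL errors. The following is an added example, not code from the article or from FireEye; the rule names and the sample Java class are constructed for illustration, and the check is a source-level heuristic rather than a full parser.

```python
import re

# Heuristic rules: (finding name, pattern over comment-stripped Java source).
RULES = [
    # X509TrustManager.checkServerTrusted with an empty body accepts any certificate.
    ("trust-manager-accepts-all", re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+?)?\{\s*\}")),
    # HostnameVerifier.verify that returns true unconditionally.
    ("hostname-verifier-accepts-all", re.compile(
        r"boolean\s+verify\s*\(\s*String\s+\w+\s*,\s*SSLSession\s+\w+\s*\)"
        r"\s*\{\s*return\s+true\s*;\s*\}")),
    # Apache HttpClient constant that disables hostname checks.
    ("hostname-verifier-accepts-all", re.compile(r"ALLOW_ALL_HOSTNAME_VERIFIER")),
    # WebViewClient.onReceivedSslError that calls proceed() despite the error.
    ("webview-ignores-ssl-error", re.compile(
        r"onReceivedSslError\s*\([^)]*\)\s*\{[^}]*\.proceed\s*\(\s*\)")),
]

def scan(source):
    """Return sorted (line, finding) pairs for insecure TLS handling in Java source."""
    # Drop comments first (keeping line breaks) so "{ /* trust all */ }" counts as empty.
    code = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), source, flags=re.S)
    code = re.sub(r"(?<!:)//[^\n]*", "", code)  # lookbehind spares "https://" in strings
    hits = set()
    for name, pattern in RULES:
        for m in pattern.finditer(code):
            hits.add((code.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

# Constructed sample input showing all three patterns.
SAMPLE = '''\
class Net {
  TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] c, String a) {}
    public void checkServerTrusted(X509Certificate[] c, String a)
        throws CertificateException { /* trust everyone */ }
    public X509Certificate[] getAcceptedIssuers() { return null; }
  };
  HostnameVerifier hv = new HostnameVerifier() {
    public boolean verify(String host, SSLSession s) { return true; }
  };
  WebViewClient wc = new WebViewClient() {
    public void onReceivedSslError(WebView v, SslErrorHandler h, SslError e) {
      h.proceed(); // ignore the certificate error
    }
  };
}
'''

if __name__ == "__main__":
    for line, finding in scan(SAMPLE):
        print(f"line {line}: {finding}")
```

A hit means the code path needs review; the fix in each case is to rely on the platform's default trust manager and hostname verifier and to cancel the WebView load on an SSL error.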
So be careful. Always make sure you download apps only from reputable developers, and also make sure to check the app permissions when you install it. If it's free and it asks for your contact info and call log data, chances are it's just going to mine your data.