About 40 applications for the platform Android, which have been downloaded to 185 million times, contain vulnerabilities that allow access to sensitive user data, such as bank account, according to the publication Ars Technica, with reference to the report of German researchers.
“We could gather bank account information, payment credentials for PayPal, American Express and others,” – gives the publication the words of researchers from the Leibniz University of Hanover and the Philipps University of Marburg.
Vulnerability, allow access to the account via Facebook, email, cloud storage used by the owner Android-smartphone.
According to experts, can be exploited to capture data during the exchange of information using cryptographic protocols SSL and TLS between a smartphone based on Android OS Ice Cream Sandwich and the bank’s server, or online services. A number of security vulnerabilities are known and described in the Internet, the researchers note.
Experts began to study, 13.5 downloading thousands of free applications from the online store application Google Play, and then tested them in the implementation of SSL-Protocol for vulnerabilities that allow attackers to intercept the data. As a result, found about a thousand applications with vulnerabilities. In this case, according to the statistics Google, about 40 applications of the selected total were downloaded from Google Play from 39.5 to 185 million times.
According to researchers, most of the applications with vulnerabilities created by third parties, and not as representatives of services for which they were intended. Application names experts are not reported.
Online store application Google Play at the end of September included about 675 programs and games that have been downloaded more than 25 billion times.