Millions of people around the world are using "vulnerable" Android apps that are leaking personal data, including bank account information and webcam access, says new research.
The study tested the 13,500 most popular free apps from the Google Play Store and found that 1074 – almost 8 per cent – used incorrect or inadequate coding.
Researchers at the Leibniz University of Hannover and the Philipps University of Marburg, both in Germany, tried to hack a sample of 100 of the vulnerable apps. They were able to exploit 41 of them, which together have at least 39.5 million users worldwide, according to the Google Play Store.
"We could gather bank account information, payment credentials for PayPal, American Express and others," says the study.
"Facebook, email and Cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted."
The researchers created a fake Wi-Fi hot spot and mounted an attack that spied on data sent and received by the apps. They were able to capture log-in details for online banking, social media, email services and corporate networks – and even disable security software.
The team used a Samsung Galaxy Nexus smartphone running Android 4.0 Ice Cream Sandwich to carry out the tests. Google has yet to comment on the findings.
Chris Gatford, director of security firm Hacklabs, says the situation for Android users is poor. "Android is probably the least amount of security the average consumer can have in terms of a mobile platform. It certainly doesn't surprise me to hear that security in regards to banking and social media details is not great."
Paul Ducklin of the security firm Sophos agrees. "The barrier of entry to an application that is either badly written or even dodgily written seems to be quite low," he says. "You can occasionally stumble across stuff which really shouldn't be in the Play Store."
According to the research firm IDC, Android, made by Google, is the most popular smartphone operating system, with a 68.1 per cent market share. Google's main competitor, Apple, has 16.9 per cent.
Apple's software, iOS, is often criticised for being too closed and having little opportunity for customisation. But, says Mr Gatford: "That is a better security position than having more freedom like you do in the Android environment."
But Mr Ducklin does not want Google to go down the path of Apple's restrictive App Store. "Google want to be open and I think that's better," he says. "The problem is that it does seem that it's possible to err the wrong way."
The study concludes more education and simpler tools are needed to allow for the easy yet secure development of Android apps.
Mr Ducklin agrees: "If an application maker can't step up to the crease properly, then don't come in to bat."