Researchers find Android users are at serious risk of installing insecure apps

 

Researchers recently discovered security vulnerabilities in as many as eight percent of benign Android apps, meaning apps that were not intentionally built to steal your information or install malware. These apps lacked adequate safeguards against data theft.

Given how readily we share our phone numbers, home addresses, and credit card numbers with just about any app, we’ve been taking our personally identifiable information for granted. Third-party developers and malicious hackers can gain unprecedented access to our lives. The latest research paper, titled “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,” by researchers from the University of Hannover in Germany, sheds light on why we should err on the side of caution.

Rather than testing known malicious apps meant to capture your data for illicit use, researchers tested 13,500 free benign apps from the Google Play store and found that 1,074 of them had holes in their use of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. If you’re unfamiliar with SSL, it’s a two-part authentication system for securely transmitting sensitive data, like credit card numbers, over the Internet. TLS is SSL’s predecessor and prevents a third party from snooping on your private two-way messages, for example.

The 1,074 Android apps that were found to have “inadequate use of SSL/TLS” were susceptible to Man-in-the-Middle (MITM) attacks, which can easily be used to retrieve personally identifiable information about the app’s users.

In a manual audit of 100 apps (which the study did not identify by name), bank information, social media accounts, and cloud storage credentials were just a few of the many pieces of personal information that researchers were able to gain access to, and 41 of the 100 apps were discovered to have vulnerabilities. Researchers revealed that they “were able to capture credentials for American Express, Diners Club, Paypal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.”

Other successful hacks included gaining access to a user’s IP cameras, injecting viruses into an anti-virus app to flag normal apps as viruses, and disabling virus detection altogether. These 41 vulnerable apps put between 39.5 and 185 million users at risk of Man-in-the-Middle attacks.

The researchers then assessed the “average” Android user’s awareness and knowledge about secure connections in an Android browser. The majority of the survey’s participants were students, while the remaining participants were employees. After being asked about the difference between HTTPS and HTTP, and how “a user perceives an SSL warning message,” just 58.9 percent of IT expert participants and only 44.3 percent of non-IT expert participants were able to identify a secure or insecure connection.

While developers may be rushing to get their apps out the door, with security and encryption the last features on their minds, it’s also clear that users are in need of a crash course on safe browsing practices and security.
