German researchers recently published a survey which revealed that 41 free apps for Android contains serious flaws implementation of the SSL and TLS protocols, used to encrypt web traffic. Of these programs, the group says it is not only possible to capture data such as email addresses, messages and login information as well as banking data of its users.
To get these programs the group dropped 13,500 free apps Google Play and passed each test by an automated vulnerability. Altogether, the test identified 1074 potential programs that could or could not leave data exposed. Of this total, 100 were chosen and tested manually - and 41 of them failed the test.
Unfortunately the researchers did not disclose the name of the application, to give developers time to implement fixes and publish on Google Play. But they reveal that among the apps are vulnerable to attack "a messaging service platform" with 10 to 50 million users who left exposed and phone numbers of the agenda, "a client to a web site popular 2.0" with 1 million users and that leaves exposed login information from Facebook and Google.
The programs are vulnerable to "man-in-the-middle" that allows a person ill intentioned intercept the data between the servers and the program. For programs identified by the group, this is because their SSL implementation is poorly made, allowing signed certificates or certificates nonexistent entities that have lost their validity now, among other flaws.
To get these programs the group dropped 13,500 free apps Google Play and passed each test by an automated vulnerability. Altogether, the test identified 1074 potential programs that could or could not leave data exposed. Of this total, 100 were chosen and tested manually - and 41 of them failed the test.
Unfortunately the researchers did not disclose the name of the application, to give developers time to implement fixes and publish on Google Play. But they reveal that among the apps are vulnerable to attack "a messaging service platform" with 10 to 50 million users who left exposed and phone numbers of the agenda, "a client to a web site popular 2.0" with 1 million users and that leaves exposed login information from Facebook and Google.
The programs are vulnerable to "man-in-the-middle" that allows a person ill intentioned intercept the data between the servers and the program. For programs identified by the group, this is because their SSL implementation is poorly made, allowing signed certificates or certificates nonexistent entities that have lost their validity now, among other flaws.