Researchers performed an analysis with the aid of a tool called MalloDroid

Oct 22, 2012 13:45 GMT

Researchers have performed a thorough analysis of 13,500 Android applications stored on Google Play in an effort to determine how many of them use SSL/TLS inadequately or incorrectly, exposing their customers to man-in-the-middle (MITM) attacks.

SSL/TLS is often utilized by Android apps to transmit information via a secure channel, but if the protocol is not used correctly, it can be exploited for MITM attacks.
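To make "not used correctly" concrete, here is an added illustration (not code from the article or from the MalloDroid project) of the kind of misuse the paper reports, a trust-all `TrustManager` and an allow-all `HostnameVerifier`, next to the proper way to trust a private CA without disabling validation; the class and method names are hypothetical.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Vulnerable pattern (hypothetical class): accepts any certificate and any
// host name, so a network attacker with a self-signed certificate gets a
// "successful" TLS connection. MalloDroid flags exactly this kind of code.
final class InsecureTls {
    static SSLSocketFactory trustAllFactory() throws Exception {
        TrustManager[] trustAll = { new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) {}
            public void checkServerTrusted(X509Certificate[] c, String a) {} // never throws
            public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
        } };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, trustAll, null);
        return ctx.getSocketFactory();
    }
    // Disables the check that the certificate belongs to the host being contacted.
    static final HostnameVerifier ALLOW_ALL = (host, session) -> true;
}

// Hardened pattern (hypothetical class): when a private CA is needed, trust
// only that CA, and keep the platform's default host-name verification.
final class SecureTls {
    static SSLSocketFactory factoryTrusting(InputStream caPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca = cf.generateCertificate(caPem);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                 // empty store: the platform roots are NOT added
        ks.setCertificateEntry("private-ca", ca);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);                        // chain validation still happens, against this CA only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
    static HttpsURLConnection open(java.net.URL url, SSLSocketFactory f) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(f);
        // No setHostnameVerifier(...) call: the default verifier stays in place.
        return conn;
    }
}
```

Apps that talk only to public servers should not install a custom `SSLSocketFactory` at all; the platform defaults already validate the chain and the host name.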

Experts from Germany’s University of Hannover and University of Marburg have developed a clever tool called MalloDroid, which is capable of detecting potential SSL/TLS vulnerabilities that cybercriminals could exploit.

The paper they have published – Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security – reveals that just over 1,000 of the Android apps they have tested (17% of the apps containing HTTPS URLs) are susceptible to such cyberattacks.

During their tests, the researchers were able to capture credentials for servers, bank accounts, email accounts, American Express, PayPal, Twitter, Facebook, Diners Club, Google, Yahoo and WordPress.

Furthermore, according to the experts, the security holes can also be used to manipulate virus signatures downloaded via the antivirus’ update feature to neutralize protection and even remove certain applications.

“It was possible to remotely inject and execute code in an app created by a vulnerable app-building framework,” the paper reads.

The most worrying fact is that the applications found to be susceptible to MITM attacks may have been installed as many as 185 million times.

In addition, 754 Android users were surveyed to see whether they could identify SSL connections in their browsers; as it turns out, half of them could not.

The MalloDroid web app will be made available to Android users in the near future, enabling them to check for themselves whether certain applications expose their details.