Android apps put passwords at risk: Where developers came up short

An app security company has found that several big-name applications on the Android operating system are putting users’ passwords at risk. 

App Bugs has found several popular and reputable apps for Android aren’t using HTTPS correctly (if they use it at all).

Exploiting this flaw could allow hackers to steal credentials using Man-in-the-Middle (MitM) attacks or generally makes it possible for attackers to snoop on traffic.

With mobile devices so frequently used outside of home or work networks (for example in coffee shops, conference centers or airports), that makes it very possible to steal app passwords – and, if they’re repeated across several different accounts – work credentials as well.

And when informed of the flaws, many app developers failed to take action or respond, according to App Bugs.

Trusted WiFi, better security needed

While this advice may fall on deaf ears, you’ll want to warn users of the dangers of public WiFi, regardless of whether they plan on using it for work applications or not.

And while there’s not much that can be done about it on your end, it would be helpful if Google tightened up its security in the Google Play store, making it impossible for developers to make applications with these flaws available to consumers.

In the meantime, let this be a lesson: Advising users to only download apps from trusted stores is a good way to prevent a lot of bad applications from slipping through, but it’s not a guarantee of safety by a long shot.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy