Smartphones had changed the way we communicate, get information, and entertain ourselves. With smartphones increasingly becoming low-priced and within the range of the average person, therefore, it is no surprise about the source of their widespread success around the globe is their low- price and computing capabilities. With Apple’s iPhone a bit on the pricey side, Google’s Android based Smart-phones are the choice of smart-phones loving frugal folks. Moreover, with multiple manufacturers of Android based smart-phones such as HTC, Samsung, Sony, Huawei, Motorola and LG, the choices of Android based smart-phones are endless. Consequently, such variety and affordability has propelled Google’s android based operating system as the iPhone’s impossible-to-knock-out adversary. Therefore, it’s a given fact that Android operating systems for smart-phones are the entire buzz these days.
Yet, recently, Android has once again made negative headlines, this time on the subject of personal data. Security researchers at Leibniz University in Hanover, Germany found that some perfectly legitimate android applications available for download on Google ‘Play’ may leak your data to hackers. Even so, the team didn’t come across any reported incidents that reported any hackers have taken advantage of this loop-hole.
To be more specific on how confidential data can be leaked with these applications, researchers have found that almost all android applications used SSL and TLS security protocols to transmit your private data. Shockingly, what the research found was that these security protocols weren’t designed properly in these apps – they were faulty. Therefore, if you have recently downloaded apps from Google Play, chances are your username, passwords, credit card number and addresses could be leaked. To test our data leak vulnerabilities, a tool known as ‘MalloDriod’ was used, which can detect Man-in-the-middle attacks.
What researchers determined was that 8% of the applications were defenseless against MITM attacks. The way it works, is that a third-party – hacker, connects between two devices, seemingly acting as a communication device using advanced hacking application. Researchers determined that any application that sends out a certificate is open to attack. What shocked researchers the most, was that 41 out of 100 applications contained this security loophole.
It’s estimated that anywhere from 40 to 185 million users may have downloaded such apps. Researchers say that better security measures and regulations installed within Android operating system is the key to keeping data safe. The majority of the applications available on the ‘Play’ store are not mandated to have strict security protocols, implementing foolproof security measures in Android compatible applications should be the responsibility of the developer of that specific application. It’s up to Google to enforce compliance to protect its user’s identity.
On a different note, smart phones are not the only culprit that can leak personal data. The widespread use of portable-data-storage-devices such as thumb drives and portable hard-drives can also contribute to data theft. If you end up losing one of these devices, and by mistake you happen to have your intimate data stored on them, such as e-statements, tax return or copies of private identification, then there’s potential for some trouble. Experts recommend that when transporting sensitive data on transportable drives, it’s highly recommended that you secure USB movable drives and hard-drives with portable data security software. Identity theft is hot business for criminals, as it is considered an easy way to steal information without ever getting caught. What’s really worrisome is that, by the time you come to know that your data has been stolen, it may be too late. It’s likely that the criminals may have already charged up your account, and you may only find out about this charge once you receive your credit card bill.