Report: Passwords, Email Contents Of Millions Of Android Users At Risk

A new academic paper indicates that improper SSL protections on popular Android apps may have led to hackers obtaining millions of users' passwords, email contents, and bank account numbers.

German researchers have discovered a serious Android security lapse that is possibly exposing the passwords, bank account information, and email contents of as many as 185 million users. According to a joint team at the University of Marburg and Leibniz University of Hannover, 41 applications available via Google's Play Market have serious security flaws that regularly leak sensitive data.

Inadequate SSL and TLS protections on Android smartphones running Ice Cream Sandwich were responsible for the security lapses. "We could gather bank account information, payment credentials for PayPal, American Express and others […] Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted," the researchers wrote.

The report did not name the 41 applications with the security flaws, and it is not known whether the application developers were informed of the serious user privacy lapses. Amateur hackers could easily replicate the researchers' collection of personal information using a variety of well-known exploits.