Security researchers recently found that more than 100 Android apps are failing to properly encrypt your login data. Experts say the flaw makes it very easy for hackers to steal your password if they so choose. Even worse is that the app developers don’t seem to be doing anything about it.
The exploit comes in the form of an HTTPS vulnerability and has apparently been around for quite a while. The vulnerability affects quite a few popular apps too. Match.com along with Pizza Hut’s app are some of the ones not properly encrypting user data. NBA Game Time and Safeway’s app are also on the list. All of these and over 50 more apps failed to respond to the news. If you use these apps a password change is suggested sooner rather than later.
AppBugs broke the news saying that the apps use unencrypted hypertext transfer text protocol when handling user passwords and that anyone who can gain the ability to monitor the traffic on the network can read the information that should be encrypted. There has been no indication that Google is performing any checks for security of this nature on apps in it’s app store although such methods would most likely be easy for the tech giant to create.
The affected apps have been downloaded over 200 million times but researchers say that’s a small amount. Earlier in the year a similar group of android apps were downloaded over 350 million times. Faulty encryption was the culprit both times. HTTPS vulnerabilities are widely known to be a problem although it seems developers seem to ignore this fact. Android apps were also affected similarly back in 2012 as well.
With more companies switching to HTTPS connections in the wake of the Snowden government spying revelations it brings into question whether or not the companies will take such issues into account when creating their apps.