According to a study conducted by researchers at Germany's Leibniz University, almost 8 percent of Android apps can be tricked into revealing personal data.
According to tech blog The Droid Guy, as many as 183 million users are at risk of identity theft because of faulty encryption protections in Google's Play Market.
BBC News reports that the researchers created a fake wi-fi hotspot and created an attack tool to spy on the data that the apps sent through the hotspot. The researchers explained that using this method, they could gather bank account information and payment credentials for PayPal, American Express and others. They presented their findings at the Computer and Communications Security Conference in Raleigh, N.C.
Researchers said personal information stored on Facebook, email and cloud storage could be leaked, access to IP cameras was accesible, and the researchers were easily able to disable security programs and inject computer code that would make the apps carry out specific commands
Perhaps worst of all the problems, the researcher said, was that an attacker could redirect a request to transfer funds on mobile banking applications without revealing the change to the user.
Google has yet to comment on the paper's findings.