The team from the University of California came across the flaw in the system running a particularly malicious piece of code through the app across that, if implemented, could obtain the user’s personal information and any other details stored in their Gmail.
The tests were run exclusively through the Android operating system but the team believes the same vulnerability exists in both iOS and Windows phone also.
In their test which they have documented online, they placed the code within a seemingly harmless-looking app that offered new wallpapers, but once downloaded, spreads to the phone’s shared memory statistics which infiltrates not just Gmail, but any app that is inter-connected with it.
With a success rate of 92 percent, the researchers still needed a two-step process to pull off a successful attack which required the hackers to take place at the exact same time as the phone user is connecting to the service, while also conducting their activities without the suspicion of the user.
Two other apps familiar with Irish users that were also found to be affected by the hack attempts included Hotels.com which was found to have an 83% failure rate to prevent an attack, while Amazon’s app was found to have a 48% failure rate.
Source: Silicon Republic