Android apps get SSL wrong, expose personal data

Researchers found 1000 insecure applications from which credit card details and other data can be stolen, because the developers misused the SSL settings in the Android API. They claim that “they can capture credentials from American Express, Diners Club, PayPal, bank accounts, Facebook, Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary e-mail accounts, and IBM Sametime”.

In addition, the researchers note that a number of apps provided insufficient feedback to users; for example, they failed to tell the user whether or not SSL was being used to transmit user credentials.

The researchers developed a tool named MalloDroid, which scans an app to check its SSL implementation. It will be available as a web app and as part of the Androguard security scanner.

Link: http://www.theregister.co.uk/2012/10/21/android_app_ssl_vulnerability/

 
