WASHINGTON: A flaw in commonly used applications on Android smartphones such as texting, messaging or microblogging could spread private information or allow forged fraudulent messages to be posted, a recent study has revealed.

University of California graduate student Dennis (Liang) Xu has identified security flaws in about 1,20,000 free apps in Android smartphones, which has about a half-billion users worldwide.

The flaws start to appear just when the victim downloads a piece of malicious code onto their phone which could be hidden in a useful app, or attached to a 'phishing' e-mail or web link, that could harm the vulnerable programmes by invading them. Xu said that the vulnerability results from the developer's error of leaving private codes public.

Xu has found that it is possible for an attacker to access and read personal information, including even 'private' messages from one of the popular text-messaging app, Handcent SMS that allows users to place some text messages in a private, password-protected inbox.

Weibo is a hugely popular microblog service described as the Chinese equivalent of Twitter. But, according to Xu and the researchers, it is possible for the malicious code to forge and post fraudulent messages.

The professor of computer science at the university Zhendong Su has said that his team has notified the app developers of the problems, but has not yet received a response.

source: timesofindia