A recent study presented just yesterday by Columbia Engineering computer science professor Jason Nieh and PhD candidate Nicolas Viennot might be the most comprehensive look yet at the Google Play store and some of the issues plaguing it. The bad news is the researchers were able to discover what they think is a pretty serious security flaw (TheLoop via Phys.org):
Nieh and Viennot discovered all kinds of new information about the content in Google Play, including a critical security problem: developers often store their secret keys in their apps software, similar to usernames/passwords info, and these can be then used by anyone to maliciously steal user data or resources from service providers such as Amazon and Facebook. These vulnerabilities can affect users even if they are not actively running the Android apps. Nieh notes that even “Top Developers,” designated by the Google Play team as the best developers on Google Play, included these vulnerabilities in their apps.
According to the report, Google is working with the researchers to prevent similar problems in the future and has already started the process of informing developers about necessary changes: Read more