A group of researchers at security firm NCC Group surveyed six parking apps available on the Google Play store and discovered significant security flaws across multiple of them.
Although Android has been hit with ongoing security flaws, the researchers did not state that they found weaker security among apps running on Android. Rather, a blog post by NCC Group security consultant Chris Spencer stated that the team chose to focus on Android apps “since our main interest is in researching applications that run on the Android platform”.
The study examined apps with as few as 5,000 users and as many as one million registered users. While all of these apps applied some degree of encryption to sensitive data, “none of the apps verified the certificate used by the server,” which left them open to “man-in-the-middle” attacks carried out with a proxy tool.
One of the apps used its own encryption system but stored the encryption key within the code, so attackers could simply decompile the app to retrieve the key, Spencer wrote.
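The two flaws reported above (no verification of the server certificate, and an encryption key stored in the code) are things a development team can look for in its own decompiled or source Java before release. The check below is an added example, not NCC Group's tooling or code from the surveyed apps; its regex rules, the `scan` helper and both Java samples are constructed assumptions about how such flaws commonly appear.

```python
import re

# Heuristic rules for the two flaws described in the article. They are assumptions
# about how these flaws commonly look in Java source, not NCC Group's method.
RULES = {
    # checkServerTrusted(...) with an empty or bare-return body accepts any chain.
    "trust-all TrustManager": re.compile(
        r"void\s+checkServerTrusted\s*\([^)]*\)[^{]*\{\s*(?:return\s*;\s*)?\}"),
    # HostnameVerifier.verify(...) that unconditionally returns true.
    "accept-all HostnameVerifier": re.compile(
        r"boolean\s+verify\s*\([^)]*\)[^{]*\{\s*return\s+true\s*;\s*\}"),
    # SecretKeySpec built from a string literal: the key ships inside the APK.
    "hardcoded key": re.compile(
        r'new\s+SecretKeySpec\s*\(\s*"[^"]+"\s*\.\s*getBytes\s*\('),
}

# Constructed, abbreviated sample showing all three weak patterns.
WEAK_SAMPLE = '''\
class Api {
    static final TrustManager TM = new X509TrustManager() {
        public void checkServerTrusted(X509Certificate[] c, String a) {}
    };
    static final HostnameVerifier HV = new HostnameVerifier() {
        public boolean verify(String host, SSLSession s) { return true; }
    };
    static final SecretKeySpec KEY =
        new SecretKeySpec("CONSTRUCTED-KEY-1".getBytes(), "AES");
}
'''

# Constructed sample of the corrected form: default TLS checks, key from a keystore.
HARDENED_SAMPLE = '''\
class Api {
    // Platform default TrustManager and HostnameVerifier are left in place.
    static SecretKey key(KeyStore ks) throws Exception {
        return (SecretKey) ks.getKey("api-key", null);
    }
}
'''

def scan(source: str) -> list[tuple[int, str]]:
    """Return sorted (line_number, rule_name) findings for one source file."""
    return sorted((source.count("\n", 0, m.start()) + 1, name)
                  for name, pat in RULES.items() for m in pat.finditer(source))

if __name__ == "__main__":
    for line, rule in scan(WEAK_SAMPLE):
        print(f"line {line}: {rule}")
    print("hardened sample findings:", scan(HARDENED_SAMPLE))
```

A clean result from a pattern scan like this does not show that certificate verification works; it only rules out the most common ways of switching it off.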