Anyone actually read the document? more importantly, is anyone actually surprised?
It's happened on other mobile OS's with rather high profile apps, heck, on your own computers how often do you even know or even check if the websites you're visiting are secured?
The number of errors / inaccuracies in the introduction is funny, for supposedly smart people
10 billion downloads? errr... 25billion+
400,000 apps, it's over 650,000+ possibly broke the 700,000 mark by now
13,500 apps were "tested"
Of those only 1,074 may have contained potential data leaks
They then selected 100 ( I bet the most likely apps to contain major SSL/TLS flaws from their initial testing )
Of those only 41 had "major flaws"
They also do not state is USB debugging is disabled, including USB debugging over Wifi (which could reveal more security holes or they could have used it too)
I'm not sure how all those people didn't notice the warning that pops up stating a certificate is invalid when browsing the web, sure a certificate error won't be displayed when in an app - unless the app is programmed to do so.
Like any computer system it has room to improve and I'm sure Google / the app developers will be happy to receive the feedback. It's good to see the leaked version of Android 4.2 has already taken security to the next level, with an NSA level of security.
I'd like to see the same level of effort put into exposing flaws in other mobile OS's, BB, WP7, WP8, Symbian and ofc iOS
wish they would list the apps they used, i assume they are the normal ones like facebook, twitter and the banking apps.
I don't use a mobile banking app, however, if I found out my bank did not take that extra care with their app I'd be leaving them for a bank that did, just as a matter of principle.
