"Popular Android Apps Are Rife With Cryptographic Vulnerabilities"

Researchers at Columbia University have recently released Crylogger, an open-source dynamic analysis tool that shows which Android apps contain cryptographic vulnerabilities. The researchers used the tool to test 1780 popular Android apps from the Google Play Store. All of the Android applications tested broke at least one of the 26 crypto rules. Many of the applications (1775) use an unsafe pseudorandom number generator (PRNG), and 1076 of the applications use the CBC operation mode, which is vulnerable to padding oracle attacks in client-server scenarios. Most of the applications (1764) use a broken hash function (SHA1, MD2, MD5, etc.), and 820 of the applications use a static (hardcoded) symmetric encryption key.
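As an added illustration (not code from Crylogger or from the researchers), the Python example below checks a constructed log of Java crypto API calls against four of the rule violations named above. The record format, the rule names, and the heuristic that a key seen in two separate runs is static are assumptions of this example.

```python
from collections import defaultdict

BROKEN_HASHES = {"SHA1", "MD2", "MD5"}  # the hash functions the summary names

# Constructed sample records (not real Crylogger output): one dict per crypto
# API call observed while the app ran, tagged with the execution it came from.
SAMPLE_LOG = [
    {"run": 1, "api": "java.util.Random", "arg": ""},
    {"run": 1, "api": "Cipher.getInstance", "arg": "AES/CBC/PKCS5Padding"},
    {"run": 1, "api": "SecretKeySpec", "arg": "00112233445566778899aabbccddeeff"},
    {"run": 1, "api": "MessageDigest.getInstance", "arg": "SHA-1"},
    {"run": 1, "api": "MessageDigest.getInstance", "arg": "SHA-256"},
    {"run": 2, "api": "java.security.SecureRandom", "arg": ""},
    {"run": 2, "api": "Cipher.getInstance", "arg": "AES/GCM/NoPadding"},
    {"run": 2, "api": "SecretKeySpec", "arg": "00112233445566778899aabbccddeeff"},
    {"run": 2, "api": "SecretKeySpec", "arg": "5f1d0c9a7e3b4d62a1c8f09e2b7d4a36"},
]

def check_log(records):
    """Return {rule_name: sorted list of offending values} for the four rules."""
    findings = defaultdict(set)
    runs_per_key = defaultdict(set)
    for rec in records:
        api, arg = rec["api"], rec["arg"]
        if api == "java.util.Random":
            findings["unsafe_prng"].add(api)
        elif api == "Cipher.getInstance":
            # Transformation strings have the form algorithm/mode/padding.
            parts = arg.upper().split("/")
            if len(parts) >= 2 and parts[1] == "CBC":
                findings["cbc_mode"].add(arg)
        elif api == "MessageDigest.getInstance":
            if arg.upper().replace("-", "") in BROKEN_HASHES:
                findings["broken_hash"].add(arg)
        elif api == "SecretKeySpec":
            runs_per_key[arg.lower()].add(rec["run"])
    # Assumption of this example: a key seen in two or more separate runs is
    # treated as static (hardcoded), since a freshly generated key would differ.
    for key, runs in runs_per_key.items():
        if len(runs) >= 2:
            findings["static_key"].add(key)
    return {rule: sorted(vals) for rule, vals in findings.items()}

if __name__ == "__main__":
    for rule, values in check_log(SAMPLE_LOG).items():
        print(rule, values)
```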

Help Net Security reports: "Popular Android Apps Are Rife With Cryptographic Vulnerabilities"

Submitted by Anonymous on