Many users of Google's market-leading Android smartphone operating system are being tricked into leaking their personal information, a report has found.
The new research, reported by the BBC, suggests many users are unable to tell genuine apps from fakes or insecure clones.
A team based at the Leibniz University of Hannover and the Philipps University of Marburg said that after an analysis of 13,500 "popular free apps" downloaded from the Google Play store, 1,074 did not use standard scrambling methods for communicating with websites.
In total about 8% of the apps had this flaw.
The result was that the researchers were able to target people using those apps, intercept the data being sent via the app and capture it for their own use.
That data included phone numbers, social media logins, passwords and bank account information.
The team noted that the OS has a 48% share of the market according to one estimate, and that 400,000 apps are available for the platform.
But unlike Apple's App Store and other competitors, Google's "relatively open and unrestricted" approach has led to a proliferation of fakes and harmful software.
More than half of 754 people asked could not spot when an app was communicating through a secure connection.
"There seems to be a need for more education and simpler tools to enable easy and secure development of Android apps," the study concluded.
"But most importantly, research is needed to study which countermeasures offer the right combination of usability for developers and users, security benefits and economic incentives to be deployed on a large scale."