Researchers were able to pinch users’ login credentials by analysing the shared memory used by apps.
Researchers from University of Michigan and University of California have successfully exploited vulnerability in the smartphone memory and hacked Gmail accounts with a 92% success rate.
During the vulnerability test of popular apps, researchers noted that Gmail was among the easiest to crack, with Amazon being the hardest one, with only 48% success rate.
As part of the research, an Android device was accessed by cloaking malicious software as another downloaded application, while researchers deemed it would work on other operating systems including iOS and Windows.
Welcoming the research, Google issued a statement: "Third-party research is one of the ways Android is made stronger and more secure."
To be demonstrated at a cybersecurity conference in San Diego, the research also involved hacking other apps such as H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.
Researchers initially analysed the shared memory used by all apps and were able to let know user was logging into apps, then steal login details and passwords.
University of California assistant professor Zhiyun Qian said: "The assumption has always been that these apps can’t interfere with each other easily.
"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."
Researchers also exploited a feature of the Chase Bank app that enables consumers pay in cheques by capturing images via their device’s camera.