Google's Gmail app can be hacked with a 92 per cent success rate, irrespective of the make of phone - or software platform - it is running on, says the University of California.
Researchers at the university's Riverside Bourns College of Engineering, as well as colleagues at the University of Michigan, apparently discovered a previously unknown exploit involving apps unwittingly making shared memory statistics available to malicious infiltrations.
The good news, however, is that the exploit seems to rely almost entirely on a heavy dollop of social engineering, with researchers admitting that a user has to be persuaded to download a seemingly benign app - such as one for installing phone wallpapers - in order for hackers to infiltrate the memory stream.
But the point, say the researchers, is that they have proven the extent to which apps work, cross-platform, on closely-shared infrastructure and how damaging this can be if exploited so easily.
"The assumption has always been that these apps can't interfere with each other easily," researcher Zhiyun Qian said. "We show that assumption is not correct and one app can in fact significantly impact another and result in harmful consequences for the user."
There is another condition for a successful attack, too: the attacker has to strike at the exact moment the unwitting user is logging into the app.
As well as Gmail's 92 per cent success rate, researchers also logged Hotels.com with an 83 per cent success rate, accounting software H&R Block at 92 per cent and Chase Bank at 83 per cent.
Amazon's app was only 48 per cent crackable by the method, with researchers saying this was down to the app's ability to transition smoothly from one activity to the next, increasing hackers' challenge in successfully guessing what type of activity the user was engaged in from the shared memory statistics.