Enterprise security player Palo Alto Networks says Android Internal Storage is a protected area that Android- based applications use to store private information, including user names and passwords.
According to Palo Alto Networks research, an attacker may be able to steal sensitive information from most of the applications on an Android device using the Android Debug Bridge (ADB) backup/restore function.
In addition, most of the security enhancements added by Google to prevent this type of attack can be bypassed.
Anyone using a device running version 4.0 of Android - about 85 per cent of Android systems in use today in the Middle East - is potentially vulnerable.
Also Read
Of the estimated 525.8 million mobile phone owners is the Middle East and Africa, this equates to over 178 million phones at risk in the Middle East and Africa, the report said.
Over 94 per cent of popular Android applications, including pre-installed email and browser applications, use the backup system, meaning users are vulnerable.
"We encourage users to be aware and Google to take a closer look at this storage weakness in Android. Given Android's place as the region's most popular mobile operating system, millions of users are potentially at risk here in the Middle East and Africa," said Saeed Agha, GeneralManager, Middle East, Palo Alto Networks.
Palo Alto Networks recommends Android users disable USB debugging when not needed, and application developers to protect Android users by setting android:allowBackup to false in each Android application's AndroidManifest.Xml file or restricting backups from including sensitive information using a BackupAgent.