US researchers have claimed that in over nine out 10 cases, they managed to successfully hack Gmail accounts by disguising harmful software as another app on an Android smartphone.
The researchers were able to access several apps, including Google's popular email service, by disguising harmful software as another app – and Gmail happened to be one of the easiest to access.
While this hack was carried out on an Android phone, the team believes that it could be performed on all smartphones.
"Third-party research is one of the ways Android is made stronger and more secure," said a Google spokesperson, the tech giant having reportedly welcomed the findings.
The research is to air at a cybersecurity event in San Diego, two academics from the universities of California and Michigan on presentation duties.
The other affected apps included Newegg, Chase Bank, WebMD, H&R Block, Hotels.com and Amazon – which, with a 48 per cent success rate, was the hardest to crack.
The hack works by getting into the shared memory of a user's smartphone with malicious software disguised as an apparently normal app. By monitoring the shared memory, the researchers could see when a user was operating apps such as Gmail, providing a window to steal passwords and login details.
"The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the hacking team.
"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."
Apple and Windows smartphones use shared data in the same way as Android, the team say, suggesting the hack could be used elsewhere.