We've known for a while now that there are apps on the Play Store that don't properly validate SSL certificates over HTTPS, leaving them, and by extension you, vulnerable to man-in-the-middle attacks, whereby you think you're interacting with a secure app server but are really communicating with an attacker. SSL certificate validation over HTTPS is supposed to protect against this, but only when it's done properly. Researchers at Carnegie Mellon University have begun to compile a list of apps available in the Play Store that either don't perform proper SSL certificate validation or, worse, don't do it at all. Prepare to be shocked at some of the names you see on the list of vulnerable apps.
Source: CSOOnline.com (thanks cmh714!)