Simon agreed that "in general Google Play is a safe bet, but that doesn't mean you can't be compromised a different way," citing a Chrome exploit that enabled attackers to gain control over a Nexus 4 and a Galaxy S4 after users clicked on a certain link.
Is anyone trying to protect us?
The researchers at Cambridge University are focusing on what OS vendors and smartphone manufacturers can do to combat this threat.
The PIN Skimmer research paper suggests various countermeasures, but the most effective come with a cost to usability. For example, blocking access to various sensors during sensitive transactions would keep hackers out, as would randomizing the placement of digits on the PIN pad, but both would also make your phone more limited and inconvenient.
Says Simon: "When you're typing a PIN you don't really need to have access to anything, but it's a big decision for [manufacturers] to say 'we're going to block everything.' People might start complaining if they miss a call."
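The randomized PIN pad countermeasure can be illustrated with a short simulation. This is an added example, not code from the research paper or from any vendor; it assumes a 10-key pad and an observer who learns exactly which key positions were touched but not which digits were drawn on them. The function names and the sample PIN are made up for the illustration.

```python
import secrets

# Digit drawn at key positions 0..9 on a conventional, fixed PIN pad.
STANDARD_LAYOUT = "1234567890"

def random_layout():
    """Return a fresh digit placement, shuffled with the OS CSPRNG."""
    digits = list(STANDARD_LAYOUT)
    # Fisher-Yates shuffle driven by secrets.randbelow, so the placement
    # cannot be predicted from earlier layouts.
    for i in range(len(digits) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        digits[i], digits[j] = digits[j], digits[i]
    return "".join(digits)

def taps_for_pin(pin, layout):
    """Key positions the user touches when entering `pin` on `layout`."""
    return [layout.index(d) for d in pin]

def decode_taps(taps, layout):
    """Digits obtained from tap positions when `layout` is assumed."""
    return "".join(layout[p] for p in taps)

def observer_success_rate(pin, trials=2000):
    """Share of entries in which tap positions alone reveal the PIN.

    The pad is reshuffled for every entry; the observer (assumption)
    knows the positions but can only assume the standard placement.
    """
    hits = 0
    for _ in range(trials):
        layout = random_layout()
        guess = decode_taps(taps_for_pin(pin, layout), STANDARD_LAYOUT)
        hits += guess == pin
    return hits / trials

if __name__ == "__main__":
    pin = "2580"  # constructed sample PIN
    fixed = decode_taps(taps_for_pin(pin, STANDARD_LAYOUT), STANDARD_LAYOUT)
    print("fixed pad, positions reveal PIN:", fixed == pin)
    print("randomized pad, success rate:", observer_success_rate(pin))
```

For a four-digit PIN with distinct digits, the positions line up with the standard pad in only 1 of 5,040 random layouts, which is why the simulated success rate stays near zero.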
What about biometrics?
Could developments like Apple's Touch ID be the answer? Rogers thinks they could: "It's a really good way to bring security to the masses. It's convenient, it's easy to use and it fits within the user's normal processes."
While biometrics have some vulnerabilities, the big advantage is that they allow convenient two-stage security. Says Rogers: "A PIN can be tricked out of someone, but you can't trick a fingerprint out of them. If you marry the two, so that now you need two credentials to gain access, I would rate that security as pretty high."
So biometrics (which also recently debuted on the HTC One Max) are a positive step towards security. But it remains to be seen if they are the answer, or if multi-factor authentication is a step further than users will accept for everyday smartphone use.
In the short term, the only option may be to sacrifice some convenience for peace of mind. As Simon says: "Anything you can do to make things harder for the bad guys is always a good thing."