Simon agreed that "in general Google Play is a safe bet, but that doesn't mean you can't be compromised a different way", citing a Chrome exploit that enabled attackers to gain control over a Nexus 4 and a Galaxy S4 after getting people to click on a link.
Is anyone trying to protect us?
The researchers at Cambridge University are focused on what OS vendors and smartphone manufacturers can do to combat this threat.
The PIN Skimmer research paper suggests various countermeasures, but concedes that the main ones, such as blocking access to various sensors during sensitive transactions or randomizing the placement of digits on the PIN pad, would have a detrimental impact on usability.
As Simon suggested, "when you're typing a PIN you don't really need to have access to anything, it takes a few seconds, but it's a big decision for them to say 'we're going to block everything', people might start complaining if they miss a call."
What about biometrics?
Could developments like Apple's Touch ID be the answer? Rogers suggested "it's a really good way to bring security to the masses. It's convenient, it's easy to use and it fits within the user's normal processes.
"The biggest risk you face with the PIN code is that someone is going to trick you into surrendering your PIN, via a website or app. A PIN can be tricked out of someone, but you can't trick a fingerprint out of them. If you marry the two, so that now you need two credentials to gain access, I would rate that security as pretty high."
So biometrics, which also recently debuted on the HTC One Max, are the mobile industry's way of addressing this issue, but it remains to be seen if this is the answer, or if multi-factor authentication is a step further than users would accept for everyday smartphone use.
So in the short term the only option may be to sacrifice some convenience for peace of mind. As Simon said: "anything you can do to make things harder for the bad guys is always a good thing."