The flaws in the popular programs could also allow forged fraudulent messages to be posted, computer scientists at the University of California, Davis, reported.
The security flaws were identified by the researchers who collected about 120,000 free apps for the Android platform, which has about a half-billion users worldwide.
Malicious code can invade the vulnerable programs because developers inadvertently left parts of the app code public that should have been locked up, graduate student Dennis (Liang) Xu said.
"It's a developer error," he said. "This code was intended to be private but they left it public."
Among the vulnerable programs identified by the researchers are popular messaging apps like Handcent SMS, which has a password-protected inbox they said is vulnerable to attack, and the WeChat instant messaging service and Weibo microblogging service, both widely used in China.
Zhendong Su, UC Davis professor of computer science, said that his research team has notified the app developers of the problems, although it hasn't had a response.