Representatives of Chase and WebMD said the issue was an operating system vulnerability rather than an app problem. Newegg.com said the study shows the need for "everyone in the mobile space to work together to ensure security."
H&R Block's Gene King said there was no indication that any client data had been compromised. "H&R Block takes privacy and security very seriously, and we are in contact with appropriate parties to address these reports," King said.
The other companies in the study did not immediately respond to CNBC requests for comment.
However, some smartphone experts didn't find the report a great concern.
"It was interesting in a theoretical sense, but a lot of things have to happen there for it to be a practical hack," Android Central Editor-in-Chief Phil Nickinson said via Twitter.
Menting, an analyst at ABI Research, said the level of technical knowledge required for the attacks would probably prevent widespread use of the hack method.
After a high-profile breach of credit card data at Target late last year, reports of cybersecurity attacks on companies and government agencies have been on the rise recently.
"As secure as we thought we were a year or two ago, we're seeing another wave across app platforms everywhere," said Brian Blair, analyst at Rosenblatt Securities. "We're going to have to have app developers create a layer of new security. There's not much I see consumers can do. We have to wait for all companies that store our info to upgrade."
He added that consumers will probably start looking more into state-of-the-art identification protection services.
Qian's advice to consumers was to avoid installing untrusted apps.
Adam Levin, founder and chairman of Identity Theft 911 and Credit.com, agreed.
"Users should be cautious and only download apps from trusted sources—big, popular apps are hacker magnets," he said in an email. "Do a routine check of your smartphone and tablet, especially if you have little ones using the device, to ensure only apps that can be trusted are the only ones installed. Immediately uninstall apps that appear to be from unknown sources or are not necessary."
Read MoreStop, hacker! What retailers (and consumers) can do
—By CNBC's Evelyn Cheng