The hack was tested on an Android phone, but the researchers believe it could work on all smartphones.
A Google spokeswoman said the technology giant welcomed the research. "Third-party research is one of the ways Android is made stronger and more secure," she said.
The research is being presented later at a cybersecurity conference in San Diego by academics from the universities of Michigan and California.
Other apps hacked included H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.
The Amazon app was the hardest to access, with a 48% success rate.
The hack involves accessing the shared memory of a user's smartphone using malicious software disguised as an apparently harmless app, such as wallpaper.
This shared memory is used by all apps, and by analysing its use the researchers were able to tell when a user was logging into apps such as Gmail, giving them the opportunity to steal login details and passwords.
"The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.
"We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user