Eighty of the top 100 paid Android and iOS apps 'hacked'

App Dev and SOA

by CBR Staff Writer| 12 December 2013

Apple and Google app stores highly vulnerable, security firm warns.

Nearly eight in ten paid apps in Apple's and Google's app stores have been compromised this year, with financial apps on Android particularly vulnerable, a new research found.

According to Arxan's latest 'State of Security in the App Economy' report, 73% of free Android apps and 53% of free iOS apps have been hacked, compared to 80% of Android apps and 40% of iOS apps compromised last year.

Arxan CTO Kevin Morgan said that the widespread use of 'cracked' apps represents a real danger given the explosion of smartphone and tablet use in the workplace and home.

"Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering - enabling hackers to analyse code and target core security orbusiness logic that is protecting or enabling access to sensitive corporate data," Morgan said.

Of all apps, mobile financial apps are found to be at high risk, with 53% of such Android apps being 'cracked', while 23% of the iOS financial apps were hacked variants.

"Pirated versions of popular software are available on numerous unofficial app stores like Cydia, app distribution sites, hacker/cracker sites and file download and torrent sites," Morgan added.

"During our research we discovered that some of the hacked versions have been downloaded over half a million times which gives a sense of the magnitude of the problem especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint."

According to the report, mobile apps are still exposed to diverse hacking attacks launched via a three-step process including analysis of code, detecting software target and launching an app attack.

"The challenge for greater mobile application security remains significant and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile first strategy," Morgan added.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

716 people like this.
1551 people follow this.

App Dev and SOA Intelligence

Buy the latest industry research online today!
See more

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.