According to a new report by security company Arxan Technologies, a majority of the top 100 paid apps and the 20 most popular free apps have been hacked. Arxan looked at apps on the two most popular app stores, Apple’s App Store and the Google Play store, and found startling results.
Arxan searched for apps that had been hacked to create repackaged or cloned copies of the original app, focusing on hacked apps that are likely to affect typical consumers. They note that “separate analysis has revealed that over 50% of cloned apps are malicious and therefore pose serious risks.”
Highlights from Arxan’s report include the hacking of 97% of the top 100 paid Android apps, 87% of the top 100 paid iOS apps, 95% of top Android financial apps, and 90% of top Android medical apps, with 22% of those bearing FDA approval. 90% of top Android retail apps have also been hacked.
The hacking of most top financial and medical apps is extremely concerning, since these apps are very likely to have access to sensitive information like banking credentials, Social Security numbers, and confidential patient identities. The Android figures carry particular weight because Android had 85% market share in mobile devices in Q2 2014.
There are some barriers in place before users can download these hacked apps. Android users must enable outside app sources in settings (which is required in order to download apps from Amazon’s Android app store). iOS users must jailbreak their device, a process that is “relatively simple and can be done with widely available automated tools to bypass Apple’s device restrictions.”
As threats to mobile security continue to grow and evolve, it is becoming ever more important to proactively protect both brands and users from abuse in mobile apps. IP Lasso provides free consultations for curious or concerned brand owners.
The full Arxan Technologies report can be read here.