At least 9 out of 10 top mobile apps hacked, study shows

An average of 96% of the top 100 paid mobile apps have been hacked, a study has revealed.

Android is the most susceptible platform, according to the State of Security in the App Economy report by security firm Arxan Technologies.

The study looked at 230 top apps from third-party sites outside of the Apple App Store and Google Play marketplaces, including the top 100 paid apps on Android and iOS.

Among the paid apps, the study found 92% of the iOS apps had been hacked, compared with 100% on the Google Android platform.

However, only 40% of the popular free iOS apps had been hacked, rising to 80% for free apps on the Android platform.

The study found that business, financial services and productivity apps were among those most affected, with hacking activities ranging from disabling security to unlocking and modifying app features.

Hackers also resorted to code and IP theft, and distributing illegal malware-infested versions of apps.

Developers need to harden their code against reverse engineering and make their apps tamper-proof and self-defending, Arxan said.

"A thriving app economy is under threat from hackers, and most enterprises, security teams and app developers are not prepared," said Jukka Alanen, vice-president at Arxan and the lead author of the new study.

"The integrity of mobile apps can be easily compromised through new tampering/reverse engineering attack vectors," he said.

According to Alanen, the traditional approaches to application security, such as secure software development practices and vulnerability scanning, cannot address the new hacking patterns identified by the study.

"The findings call for new approaches for mobile app owners to build protections directly inside their apps to withstand these new attacks," he said.

The report recommends that app owners:

  • Make mobile app protection a strategic priority, reflecting its new criticality to address hacking attacks and the growing value at stake;
  • Be especially diligent about protecting mobile apps that deal with transactions, payments, sensitive data, or have high-value IP (e.g. financial services, commerce, digital media, gaming, healthcare, government, corporate apps);
  • Do not assume that web app security strategies are adequate to address the new requirements for mobile app protection;
  • Focus app security initiatives on protecting the integrity of mobile apps against tampering/reverse-engineering attacks, in addition to traditional approaches to avoiding vulnerabilities;
  • Build protection directly into the app – harden the code against reverse-engineering, and make the app tamper-proof and self-defending – to counter how hackers attack an app.
