ComputerWeekly.com

Research reveals widespread mobile app hacking

By Warwick Ashford

All of the top 100 paid Android apps and 56% of the top 100 paid Apple iOS apps have been hacked, research has revealed.

Compared with the 2012 research, the proportion of compromised free Android apps has decreased from 80% to 73%, but increased in free iOS apps from 40% to 53%.

The research by security firm Arxan Technologies also revealed widespread app hacking among high-risk apps such as mobile financial apps.

In its second annual State of Security in the App Economy report, Arxan found “cracked” mobile financial apps to be widespread.

Focusing on these apps for the first time, Arxan found that 53% of the Android financial apps it reviewed had been “cracked”, while 23% of the iOS financial apps were hacked variants.

The report said the findings highlight the potential for massive revenue loss, unauthorised access to data, intellectual property (IP) theft, fraud, altered user experience and brand erosion.

As the growth in mobile tech innovation continues, payment use accelerates and transaction volumes increase, mobile app security remains a critical issue, the report said.

“The widespread use of ‘cracked’ apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Arxan CTO Kevin Morgan.

“Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering, either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security or business logic that is protecting or enabling access to sensitive corporate data,” he said.   

Morgan said pirated versions of popular software are available on numerous unofficial app stores such as Cydia, app distribution sites, hacker/cracker sites, and file download and torrent sites.

Researchers found that some of the hacked versions have been downloaded more than half a million times, indicating the scale of the problem.

“The challenge for greater mobile application security remains significant,” said Morgan.

He believes core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile-first strategy.

In light of the 2013 analysis, Arxan makes the following recommendations:

Arxan notes that recommendations outlined in the 2012 report still need to be widely adopted by application owners, and are outlined below:

11 Dec 2013
