Paid for an app on your phone? Chances are, it has been hacked
Here's something a bit worrying - every one of the top 100 paid Android apps and just over half (56%) of the top 100 paid Apple iOS apps have been hacked, according to research. In comparison to last year's research, compromised free Android apps has gone down to 73% from 80%, but increased in free Apple apps, up to 53% from 40%.
The research by Arxan Technologies also revealed hacking among high-risk apps, like finance apps. Basically, its all very widespread, with Arxan finding that 53% of the Android financial apps were cracked, with iOS finance apps figures at 23%.
"The widespread use of 'cracked' apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Arxan CTO Kevin Morgan. "Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering, either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security or business logic that is protecting or enabling access to sensitive corporate data."
Pirated versions of popular apps are available and researchers found that some had been downloaded more than half a million times, which means the problem is most certainly a big one.
"The challenge for greater mobile application security remains significant," said Morgan.
So, what needs to happen? Arxan says that: "All Android applications that process sensitive information assets must be hardened against binary-level integrity or reverse-engineering attacks before deployment" while "mobile applications with a high-risk profile (Android, iOS or other mobile platform) must be capable of defending themselves against static or dynamic analysis at runtime and be made tamper-resistant."
Should mobiles be more explicit in their attempts to get us to use anti-virus software while the phone is fresh out of the box? More needs to be done as smartphones grow in popularity.