Paid for an app on your phone? Chances are, it has been hacked

11 December 2013

Here's something a bit worrying - every one of the top 100 paid Android apps and just over half (56%) of the top 100 paid Apple iOS apps have been hacked, according to research. Compared with last year's research, the share of compromised free Android apps has gone down to 73% from 80%, but the share of compromised free Apple apps has increased, up to 53% from 40%.

The research by Arxan Technologies also revealed hacking among high-risk apps, like finance apps. Basically, it's all very widespread, with Arxan finding that 53% of the Android financial apps were cracked, with the figure for iOS finance apps at 23%.

"The widespread use of 'cracked' apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home," said Arxan CTO Kevin Morgan. "Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering, either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security or business logic that is protecting or enabling access to sensitive corporate data."

Pirated versions of popular apps are available and researchers found that some had been downloaded more than half a million times, which means the problem is most certainly a big one.

"The challenge for greater mobile application security remains significant," said Morgan.

So, what needs to happen? Arxan says that: "All Android applications that process sensitive information assets must be hardened against binary-level integrity or reverse-engineering attacks before deployment" while "mobile applications with a high-risk profile (Android, iOS or other mobile platform) must be capable of defending themselves against static or dynamic analysis at runtime and be made tamper-resistant."

Should mobiles be more explicit in their attempts to get us to use anti-virus software while the phone is fresh out of the box? More needs to be done as smartphones grow in popularity.


8 comments

  • Fat B.
    There is a big difference between cracking and hacking, with the first actually removing any DRM restrictions of the software and allowing the code to be decompiled and analysed whereas hacking is typically exploiting vulnerabilities in the code and injecting malicious software.
  • Fat B.
    Another note, if you have PAID and downloaded an APP from the Google Playstore, then it is not hacked - this article is specifically talking about apps downloaded from torrent websites or "free" apps which would not last long on the playstore.
  • Mort
    Any Android app can be decompiled, no matter what the developer tries. Copy the apk off your phone, convert the dex into a jar and open with jd. Can be done in less than a minute. It's interesting to find out what your apps are getting up to, even if you aren't in the business of cracking or plagiarising.
  • Gran
    Ooh, I like jars! I can't open one in less than a minute though. Not any more.
  • Daffy
    Wow, this article is terrible. If you've paid for an app, it's not been cracked. The research says that there are free cracked versions available on pirate sites for most of the paid-for apps - which comes as no news to anyone. Awful reporting
  • Coran
    Author needs to learn the difference between hacking and cracking... Very confusing/misleading.
  • Gordo
    You should also point out that the research was done by a company who sells software to apparently protect against this..
  • Samantha
    Yes this is a terribly misleading story. I also don't really _get_ piracy on mobile platforms, I suppose it's mostly kids without debit cards. There are a few exceptions but most paid for apps cost somewhere between 79p and £3, at that price, seriously why are you stealing it? When it's £45 for an xbox game, or £20 for a bluray I get it, but apps are cheap as chips, and if you buy one on android it works across all your android devices with only a single purchase, and many apps give you upgrades, tech support and new features for years and years. I bought swiftkey for 10p in the sale a couple of years back and have installed it on 4 different phones/tablets, it's had 3 major upgrades adding swipe capability, thumb keyboards and edge keyboards for phablets and it cost me 10 fricken pence.
