Smart Phones, Dumb Apps – 80% of Android’s Top Apps are Vulnerable
Smartphones are evolving at rapid pace today. We’re heading towards a day where, pretty soon, the number of mobile phones in the world will outnumber humans!
According to a Gartner report, nearly 2.2 billion mobile phones and tablets were sold to end users in 2014 itself. While smart phones are getting smarter, are the applications keeping up?
As the number of handheld devices is growing, security is increasingly becoming a major concern. A security breach can not only hurt your customers but also be a hard hit to your brand. While security incidents originating from mobile devices are rare, Gartner said that by 2017, 75 percent of mobile security breaches will be the result of mobile application misconfiguration.
With the number of smartphones and tablets on the increase, and a decrease in traditional PC sales, attacks on mobile devices are maturing. By 2017, Gartner predicts that the focus of endpoint breaches will shift to tablets and smartphones.
In fact, major app owners have already started facing the brunt. Starbucks and Snapchat, both were part of a major PR disaster this year. If you missed that, then here’s what happened.
On 16 January 2014, the Starbucks app, which is one of the most used applications in the US with 10 million customers, was found to be storing user credentials in plain text format. When news broke that user data had been compromised, three million people deleted the app from their mobile devices. In 24 hours, the app fell from fourth highest grossing app to number 26. Starbucks scrambled to release an update later that week, but it was too late.
The same month, an internet group hacked into Snapchat and released the usernames and phone numbers of 4.6 million Snapchat users! And this is from a company that is valued at over US$3 billion.
Here’s the Danger
Research published by Appknox has revealed that 80 out of the Top 100 apps in the world’s major app stores have security vulnerabilities.
“Mobile security breaches are — and will continue to be — the result of misconfiguration and misuse on an app level, rather than the outcome of deeply technical attacks on mobile devices,” said Dionisio Zumerle, principal research analyst at Gartner. “
A classic example of misconfiguration is the misuse of personal cloud services through apps residing on smartphones and tablets. When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices.”
Another research by Arxan revealed the following about Android’s Top 100 apps:
Amongst top 100 paid applications:
- 97 per cent of apps on the Google Android platform had been hacked
- 87 per cent of apps on Apple iOS had been hacked
Amongst popular free applications:
- 80 per cent on Android had been hacked
- 75 per cent on Apple iOS had been hacked
While these numbers are right on your face and very glaring, sad part of the story is that not many companies and developers are taking it seriously. People tend to take things seriously only once they are hacked or vulnerability has been disclosed publicly. Waiting for a moment of public embarrassment isn’t the best approach to things.
Are there ways to take care of this?
Yes, definitely. There are quite a few things developers can do or take care of so as to make their apps secure. The next part of this article will talk about some of the most common errors found and the simple measures that you can take to make your apps more secure.
[box type=”shadow” ]About the Author: Prateek Panda is the Co-founder of Appknox, a cloud-based security tool that helps app developers and businesses make their mobile applications more secure.[/box]