49 Out Of Top 50 Indian Ecommerce Applications Are Vulnerable To Attacks [Wake Up Call]
As per IAMAI’s research, the Indian eCommerce market will cross the Rs 1 lakh crore mark by the end of 2015, and within this segment, mobile commerce is showing the fastest growth. In 2013, only 10% of Indian phone users had a smartphone, and only 5% of transactions happened on mobile; but in 2014, more than 20% of phone users had a smartphone and almost 13-15% of overall ecommerce transactions happened on mobile.
It is expected that by the end of 2015, 65% of all ecommerce transactions will happen on mobile phones!
As the usage of mobile apps is increasing, major ecommerce portals have resorted to an app-only approach by ditching their desktop websites.
But is mobile commerce secure and safe in India?
As per recent security research conducted by Wegilant using their flagship product Appvigil, it was found that 98% of the top 50 mobile apps of Indian ecommerce companies are vulnerable to security attacks.
This shocking revelation means that 49 out of the top 50 ecommerce apps in India can enable hackers to steal your data and play havoc with your smartphone.
Appvigil is a cloud-based mobile app security scanner, and Wegilant recently raised $500,000 from a team of high-profile investors which includes Ravi Gururaj, Chairman, Nasscom Product Council, and Gaurav Sharma, director, Yahoo, among others.
Some major findings from the report:
– After Appvigil scanned all the top 50 ecommerce apps, it found that a total of 1243 security vulnerabilities existed among them. Fortunately, 66.7% of all mobile apps had fewer than 25 threats, whereas 11.1% had more than 25 but fewer than 50 threats. 22.2% are the most severely hit, as they have more than 50 security vulnerabilities within them.
– In terms of the severity level of the threats, 53.3% of the tested apps had High Severity Vulnerabilities. A very bad situation indeed.
– Category-wise, apps which sold digital goods had the maximum number of ‘High Severity’ threats, followed by shopping apps and cab booking apps. Food ordering, online ticketing and online groceries apps followed closely.
– By type of vulnerability, out of the 1243 threats, WMITM (36%) and WIP – Improper Component Permissions (25%) had the highest number of instances. Unfortunately, both of these vulnerabilities are regarded as severe and high impact.
Here is a list of the vulnerabilities against which the testing was done for these top 50 apps on Android:
There were two levels of filters applied while selecting the apps for testing:
a) Only those apps which facilitated financial transactions were selected
b) Only the top-ranked apps on Google Playstore, under various categories such as online tickets, online food, online cabs, shopping, online groceries, etc., were selected.
Appvigil requires only the executable files of the app (.APK) for testing, which were sourced from the Google Playstore.
Here is a breakdown of the different segments from which the apps were selected:
To know more about the process which Appvigil follows for scanning and reporting security threats inside mobile apps, you can visit here and find out more information.
This is surely a wake-up call for almost all ecommerce firms in India, as this report indicates a potential threat to the privacy of 100 million+ users, most of whom are first-time users of mobile commerce.