Study Claims 87% Of Top iOS Apps Have Been Compromised
By Paul Liu
Tuesday, February 3rd, 2015
If the findings of a new study are to be believed, 87% of top 100 paid apps available on the iTunes store have been hacked. The figure was even worse for Android since the security of as many as 97 percent of top 100 paid apps has already been compromised. The findings were published by Arxan Technologies, the world’s Strongest Application Protection Provider, as a part of its third Mobile App Security report. The company analyzed 360 popular apps available at iTunes and Google Play stores and discovered that a majority of them have been cloned or have repackaged versions available online.
The statistics published in the report reveal a stunning increase in the number of hacked apps for the iOS ecosystem. While the percentage of hacked Android apps is almost similar to what the company reported in the second Mobile App Security report, the percentage of hacked iOS apps shot up from 56% to 87% in just one year. The study also revealed that the epidemic of fake and cloned applications is not just restricted to paid apps since 80% of top 20 free Android apps as well as 75% of top 20 free iOS applications have been compromised.
The report clearly shows that there is a huge market for cloned and repackaged apps. While the chances of such apps appearing on the official app stores (iTunes and Google Play) are pretty remote, hackers are free to sell them through black market app stores or make them available through torrent sites. Also, since iOS has a pretty secure ecosystem, the hacked apps are usually preferred by those who are using jailbroken iPhones or iPads.
The study also sheds a light on the type of apps that are most likely to be cracked or cloned by the attackers. It comes as no surprise that financial and ecommerce apps remain the prime targets of the hackers. As per the report, 70% of iOS and 95% of top 20 Android financial apps have already been hacked while the figure was 90% and 35% for the ecommerce apps. Arxan also discovered that the security of 90% of top 20 Android based healthcare apps (22% of which were FDA approved) has already been compromised. The fact that hackers are targeting mobile payment, retail, medical, wallet and point-of-sale apps is a cause of big concern since it could not only threaten the security of customer data but also lead to theft of money and identity.
Arxan also had a word of advice for app developers. The company encouraged developers of wallet and payment apps to protect their apps with techniques like app hardening and encryption. Additionally, the company advised developers to make their apps capable of dealing with runtime threats in addition to making them tamper resistant.
While more and more people are making a transition to the mobile internet, app security is still not getting the attention that it deserves. The results of the study conducted by Arxan clearly show that the threat is set to get bigger in the coming years unless app developers, mobile users and security companies start taking preventive and remedial actions immediately.