Hackers are increasingly targeting paid-for-apps on Google and Apple mobile platforms with latest reports indicating that hackers have managed to hack 100 percent of the top 100 apps on Android while they have been able to do so for 56 percent of the top 100 apps on iOS.
Hackers are also targeting free apps and the figure stands at 73 percent for top 100 apps on Android and 53 percent on iOS. The results have been derived by Arxan in its second annual report on the mobile app security space titled “State of Security in the App Economy”.
This doesn’t mean that the hacked apps are being hosted on Google Play Store and Apple App Store as most of the hacked apps turn up on third party stores, which are frequented by users of rooted Android and jailbroken iOS devices.
Breaking down on the type of apps that hackers are targeting, the report reveals that hackers often target financial apps for the simple reason that they will be able to rake in thousands or even hundreds of thousands of dollars if they manage to get in between a user and the bank. Criminals will then be able to access a user’s bank account numbers, login IDs, passwords, and other such useful information. Arxan report puts such financial apps into ‘high-risk category’, which require “extra vigilance to protect overall application integrity.”
Arxan recommends that developers of Android applications that are responsible for handling and processing sensitive user information should be hardened against reverse-engineering attacks before they are deployed. The company also recommends that mobile apps on all platforms that fall under high-risk category should be capable of defending themselves while also being tamper-resistant.
The report notes that users can protect themselves by ensuring that they don’t download and install apps from untrusted sources. Android users can change the setting on their handset to prevent unsigned apps from third party sources from installing, while those using jailbroken iOS devices should ensure that they download and install critical apps from trusted sources only.
However, if users are not looking and keeping a vigilant eye, chances are they will end up installing a hacked app.
Find the report here.
Clearly the author of this piece doesn’t understand android.
There is no need on android to root the device in order to install apps from third party locations, all you have to do is to go into the settings and tick “allow installation of apps from unknown sources”. This has nothing whatsoever to do with rooting; which is about gaining superuser access to your phone, allowing you to change things like critical system files. The reason it is so easy on android is because, unlike apple, google do not insist that you get all your apps from their store. There is actually a competitive market among the hundreds of app stores as opposed to a monopoly by the manufacturer.