Arxan Technologies performed an analysis to arrive at the results, and found “cracked” mobile apps to be widespread as even more companies move toward app-centric innovation and more employees leverage mobile technology. The findings highlight the potential for the usual miserable results of hacking: revenue loss, unauthorized access to critical data, intellectual property (IP) theft, fraud, altered user experience and brand erosion.
“The widespread use of cracked apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Kevin Morgan, CTO at Arxan, in a statement. “Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering – enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data.”
The analysis had a special focus on high-risk apps, namely mobile financial apps, where it also turned up widespread hacking indicators, the firm said. Arxan discovered that 53% of the Android financial apps it reviewed had been compromised, while 23% of the iOS financial apps were hacked variants.
“Mobile applications are still subject to diverse hacking attacks that are launched via a three-step process – analysis of code, identifying software target and launching an app attack,” the company explained. “As the growth in mobile innovation continues, payment use accelerates and transaction volumes increase – especially during seasonal shopping spikes – [so] mobile app security remains a critical issue.”
Among the findings was the fact that hackers continue to target free apps – 73% of free Android apps and 53% of free iOS apps were found to be hacked in 2013. In 2012, Arxan found 80% of Android apps and 40% of iOS apps had been compromised.
Consumers should beware rogue app stores too. “Pirated versions of popular software are available on numerous unofficial app stores like Cydia, app distribution sites, hacker/cracker sites and file download and torrent sites,” Morgan said. “During our research we discovered that some of the hacked versions have been downloaded over half a million times, which gives a sense of the magnitude of the problem, especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint.”
He added: “The challenge for greater mobile application security remains significant, and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile-first strategy.”