Eighty of the top 100 paid Android and iOS apps ‘hacked’

Nearly eight in ten paid apps in Apple’s and Google’s app stores have been compromised this year, with financial apps on Android particularly vulnerable, a new research found.

According to Arxan’s latest ‘State of Security in the App Economy’ report, 73% of free Android apps and 53% of free iOS apps have been hacked, compared to 80% of Android apps and 40% of iOS apps compromised last year.

Arxan CTO Kevin Morgan said that the widespread use of ‘cracked’ apps represents a real danger given the explosion of smartphone and tablet use in the workplace and home.

"Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering – enabling hackers to analyse code and target core security orbusiness logic that is protecting or enabling access to sensitive corporate data," Morgan said.

Of all apps, mobile financial apps are found to be at high risk, with 53% of such Android apps being ‘cracked’, while 23% of the iOS financial apps were hacked variants.

"Pirated versions of popular software are available on numerous unofficial app stores like Cydia, app distribution sites, hacker/cracker sites and file download and torrent sites," Morgan added.

"During our research we discovered that some of the hacked versions have been downloaded over half a million times which gives a sense of the magnitude of the problem especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint."

According to the report, mobile apps are still exposed to diverse hacking attacks launched via a three-step process including analysis of code, detecting software target and launching an app attack.

"The challenge for greater mobile application security remains significant and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile first strategy," Morgan added.