Top 100 Android apps hacked in 2013

One hundred percent of the Top 100 paid Android apps and 56 percent of the Top 100 paid Apple iOS apps have been hacked, according to Arxan.

As the growth in mobile innovation continues, payment use accelerates and transaction volumes increase – especially during seasonal shopping spikes – mobile app security remains a critical issue.

Arxan found “cracked” mobile apps to be widespread, highlighting the potential for massive revenue loss, unauthorized access to critical data, IP theft, fraud, altered user experience and brand erosion as even more companies move toward app centric innovation and more employees leverage mobile technology.

This year’s report updates last year’s research into the pervasiveness of hacked apps across all industries from third-party sites outside of the Apple App Store and Google Play marketplaces. Mobile applications are still subject to diverse hacking attacks that are launched via a three step process – analysis of code, identifying software target and launching an app attack.

Key findings from the 2013 report:

• 78 percent of top 100 paid Android and iOS Apps have been hacked – 100 percent of the top paid Android apps and 56 percent of the top 100 paid iOS apps were found to be compromised. This was a 36 percent decrease from last year.
• Hackers continue to target free apps – 73 percent of free Android apps and 53 percent of free iOS apps were found to be hacked in 2013. In 2012, 80 percent of Android apps and 40 percent of iOS apps had been compromised.
• Mobile financial apps are at-risk – 53 percent of the Android financial apps they reviewed had been “cracked” while 23 percent of the iOS financial apps were hacked variants. Mobile banking and payment apps were included as part of this year’s research.

“The widespread use of “cracked” apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Kevin Morgan, CTO, Arxan.

“Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering – enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data.”

Morgan, further comments: “Pirated versions of popular software are available on numerous unofficial app stores like Cydia, app distribution sites, hacker/cracker sites and file download and torrent sites. During our research we discovered that some of the hacked versions have been downloaded over half a million times which gives a sense of the magnitude of the problem especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint.”

He added: “The challenge for greater mobile application security remains significant and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile first strategy”.