Widespread hacking of top Android, iOS apps revealed

12 Dec 2013

Research has revealed that all the top 100 paid Android apps and 56 per cent of the top 100 paid Apple iOS apps have been hacked.

Compared with the 2012 research, the proportion of compromised free Android apps declined from 80 per cent to 73 per cent, but the proportion of compromised free iOS apps increased from 40 per cent to 53 per cent.

Security firm Arxan Technologies, which conducted the research, further said the study revealed widespread app hacking among high-risk apps such as mobile financial apps.

The firm said that in its second annual State of Security in the App Economy report, it found the use of "cracked" mobile financial apps to be widespread.

The company focused on these apps for the first time and found that 53 per cent of the Android financial apps it reviewed had been "cracked", while 23 per cent of the iOS financial apps were hacked variants.

According to the report, the findings highlighted the potential for colossal revenue loss, unauthorised access to data, intellectual property (IP) theft, fraud, altered user experience, as well as brand erosion.

Kevin Morgan, chief technology officer of Arxan, said hacked apps were showing up in a lot of different storefronts, such as Cydia, in a decrypted state, so by definition the software had been hacked.

He added that there were multiple examples where there had been some tampering with the original code.

Financial apps constitute a special challenge as users trust them with essential data such as bank account numbers and passwords.

Arxan said it found that 23 per cent of its sample of iOS financial apps had been hacked and reposted, along with 53 per cent of Android financial apps.

Android users can download apps from third-party stores via a setting on their device, while iOS users need to "jailbreak" their device, that is, use a hacking attack to give themselves the equivalent of "root" privileges for software installation. No jailbreaks for iOS 7, released in September, have been released.

Google's official Play store could also be a source of malware and hacked apps. In September, BlackBerry had to halt the rollout of its BBM app for Android as a hacked version placed in the Play store before the official one had been downloaded more than a million times.