Arxan Discovers Top 100 Android Apps Hacked in 2013
San Francisco and London, December 11, 2013 – Arxan Technologies, the industry-leading provider of software security solutions that protect the App Economy, today released research revealing that one hundred percent of the Top 100 paid Android apps and 56 percent of the Top 100 paid Apple iOS apps have been hacked. A special focus on high-risk apps, namely mobile financial apps was included and also yields widespread app hacking.
As the growth in mobile innovation continues, payment use accelerates and transaction volumes increase - especially during seasonal shopping spikes - mobile app security remains a critical issue.
In its second annual, State of Security in the App Economy™ report, Arxan found "cracked" mobile apps to be widespread, highlighting the potential for massive revenue loss, unauthorized access to critical data, intellectual property (IP) theft, fraud, altered user experience and brand erosion as even more companies move toward app centric innovation and more employees leverage mobile technology.
This year's report updates last year's research into the pervasiveness of hacked apps across all industries from third-party sites outside of the Apple App Store and Google Play market places. Mobile applications are still subject to diverse hacking attacks that are launched via a three step process – analysis of code, identifying software target and launching an app attack.
Key findings from the 2013 report:
78 percent of top 100 paid Android and iOS Apps have been hacked – 100 percent of the top paid Android apps and 56 percent of the top 100 paid iOS apps were found to be compromised. This was a 36 percent decrease from last year.
Hackers continue to target free apps - 73 percent of free Android apps and 53 percent of free iOS apps were found to be hacked in 2013. In 2012, Arxan found 80 percent of Android apps and 40 percent of iOS apps had been compromised.
- Mobile financial apps are at-risk - Arxan discovered that 53 percent of the Android financial apps they reviewed had been "cracked" while 23 percent of the iOS financial apps were hacked variants. Mobile banking and payment apps were included as part of this year's research.
"The widespread use of "cracked" apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home," said Kevin Morgan, CTO, Arxan. "Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering – enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data."
Morgan, further comments: "Pirated versions of popular software are available on numerous unofficial app stores like Cydia, app distribution sites, hacker/cracker sites and file download and torrent sites. During our research we discovered that some of the hacked versions have been downloaded over half a million times which gives a sense of the magnitude of the problem especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint."
He added: "The challenge for greater mobile application security remains significant and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile first strategy".
For a complete copy of Arxan's 2013 'State of Security in the App Economy: Mobile Apps under Attack' – Special Focus on Mobile Financial Apps, Volume 2', which includes mobile application security and integrity recommendations, please download here.
Arxan's 2013 research involved a sample of 230 of the most popular apps including 15 top free apps for iOS and the same 15 free apps for Android. These were the same apps analyzed in 2012. In addition, the 2013 report includes an analysis of 40 mobile financial apps, 20 on each platform.
ABOUT ARXAN TECHNOLOGIES:
Arxan protects the App Economy with the world's strongest and most deployed application integrity protection platform. In today's distributed computing environments - mobile, desktop, server or embedded - software, is exposed to attacks such as reverse-engineering, tampering, insertion of malware/exploits, repackaging, fraud, intellectual property theft, and piracy. Arxan's unique, patented Guarding technology and rapid time-to-market enables sensitive or high-value applications to proactively protect their own integrity by defending, detecting, alerting, and reacting to hacking attacks through a threat-based, customizable approach. Arxan-protected self-defending and tamper-proof applications are deployed on more than 200 million devices by leading Fortune 500 organizations in high-tech, ISV, financial services, media, gaming, and other industries. Arxan Technologies is headquartered in the Bethesda, MD with global offices in EMEA and APAC. Visit us at www.arxan.com.
Arxan: Protecting the App Economy™. Share your thoughts on application protection using hashtag #protectyourapps
Arxan Technologies, Inc.
EMEA PR Contact:
Kim Smith or Dave Wedderburn
Phone: +44 (0)1276 486000
US PR Contact: