Non-official mobile app stores are security sieves, says Arxan
Mobile app security continues to be the bane of CISOs' existence, and a recent study conducted by mobile app security firm Arxan will do nothing to ease their security woes.
According to a survey of third-party sites outside of the official Google and Apple app stores, a majority of Android financial apps have been hacked and close to a quarter of iOS financial apps have suffered the same fate.
When Arxan examined the top 100 paid mobile apps, it found that a disturbing 78 percent of them had been hacked. That breaks down to 100 percent of Android apps and 56 percent of iOS apps being compromised, resulting in unauthorized access, fraud, intellectual property theft, and other crimes.
"Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering--enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data," warns Kevin Morgan, chief technology officer at Arxan.
"During our research we discovered that some of the hacked versions have been downloaded over half a million times, which gives a sense of the magnitude of the problem," adds Morgan.
Of course, Arxan has a financial interest in pointing out the insecurity of mobile apps, since it provides mobile app protection. Still, the numbers should be concerning for CISOs struggling to provide security in a BYOD environment, where employees bring their own devices to work loaded with third-party apps.