87 percent of the top 100 paid iOS apps available as hacked versions
According to the third annual State of Mobile App Security report from application protection company Arxan Technologies, 87 percent of the top 100 paid iOS apps have been hacked.
Don’t feel smug if you're an Android user though as the report reveals 97 percent of the top 100 paid Android apps have been too. But whilst the Android figure is in line with previous years, the iOS percentage represents a jump from 2013 when 56 percent were found to have been hacked.
Before you start to panic, what Arxan means by a 'hacked' app, is one that's actually a modified version available from an unauthorized store or torrent site. In the case of iOS apps this also means the device needs to have been jailbroken.
The situation isn't much better with free apps. The report shows that 80 percent of popular free Android apps and 75 percent for iOS also have hacked versions available.
Not surprisingly high profile targets like banking are most at risk. 95 percent of the Android financial apps reviewed were 'cracked' while 70 percent of the iOS financial apps were hacked. This is an increase in both cases, with Android hacks growing about 80 percent.
Shopping apps are being targeted too with 90 percent of retail/merchant Android apps and 35 percent of iOS apps in the same field having been compromised. Hackers are targeting growth in B2C retail apps, as stores launch mobile payment and wallet services, but also B2B merchant point-of-sale apps. In both cases sensitive data, intellectual property, and financial transactions are at risk.
Also worrying is that 90 percent of Android healthcare/medical apps have been hacked, 22 percent of which are FDA approved.
With app downloads still increasing and forecast to reach 253 billion free and 15 billion paid in 2017 there are potentially huge numbers of people at risk if they venture into unofficial stores. Among the report's recommendations are that apps with high-risk profiles running on any mobile platform should be made tamper-resistant and capable of defending themselves and detecting threats at run time. Also that apps be developed to maintain the confidentiality of the code and that software used to enable mobile wallets and payment apps should be protected with secure crypto and app hardening.
"The pursuit of greater mobile application security remains at the forefront our research and development initiatives," says Jonathan Carter, technical director at Arxan. "We continue to evolve our security innovations based on emerging threats to ensure the strongest application protection for our customers in the dynamic battlefield against hackers".
The full report is available to download from the Arxan website and there's an infographic summary of the findings below.