Smartphone owners downloaded 127 billion free apps and 11 billion paid apps in 2014. By 2017, those figures are projected to increase to 253 billion free and 14.78 billion paid app downloads. Global revenue from smartphone apps was $25.84 billion in 2013, a figure expected to reach $70 billion by 2017.
Apps are big business, so it’s no surprise that cyber criminals want a piece of the action. What is surprising is how easily they can get it.
Released this week, Arxan Technologies’ third annual State of Mobile App Security report on the top 100 paid and top 20 most popular free Apple iOS and Android apps reveals that the vast majority have been hacked and cloned. Separate analysis of cloned apps found that over 50% of them were malicious and posed serious risks, as the recent discovery of the WireLurker malware shows.
Android apps in general, and financial services apps in particular, look to be worryingly insecure.
- 87% of the top 100 paid iOS apps have been hacked.
- 97% of the top 100 paid Android apps have been hacked.
- 75% of the 20 most popular iOS apps have been hacked.
- 80% of the 20 most popular Android apps have been hacked.
Broken down by sector:
Financial services apps
- 70% of iOS apps were hacked, 30% were not.
- 95% of Android apps were hacked, 5% were not.
- 35% of iOS apps were hacked, 65% were not.
- 90% of Android apps were hacked, 10% were not.
- 100% of iOS apps were not hacked.
- 90% of Android apps were hacked, 10% were not. 22% of the hacked apps were FDA-approved.
App security is as much an issue for websites as it is for smartphones. If you’re concerned about your application security in the run-up to Christmas, you can identify vulnerabilities in your infrastructure and web apps with IT Governance’s Combined Infrastructure and Web Application Penetration Test, which will enable you to improve your network security and provide vital customer reassurance. 2014 was the year of the massive data breach. Don’t let your enterprise join the long list of hacked organizations. What’s more, if you book this service in November, we’ll throw in a free email phishing campaign to test your staff’s resistance to social engineering attacks.