Posted on June 20, 2019 at 9:11 AM
Hackers Could Steal Everything: Up to 76% of Smartphone Apps Have Dangerous Vulnerabilities
Smartphone apps have always had problems with security. Whether they are already infected with malware and then posted on the app store to wait to be downloaded, or if they are legitimate apps that simply have flaws — the fact is that a great many of them are unsafe.
While this is not only a problem that Android apps have, and iOS can see similar issues, Android apps definitely do lead when it comes to vulnerability issues.
Android is more vulnerable than iOS
Many of these vulnerabilities are small flaws which can easily be fixed if spotted, and they would not let hackers do much. But, there is also an alarming number of high-risk vulnerabilities. These can be encountered on iOS and Android smartphone apps alike, although, as mentioned, Android does lead when it comes to this type of issues.
According to recent studies by Positive Technologies, Android devices are 5% riskier to use than iOS due to app flaws, which may result in a hack. The report, which was published yesterday, June 19th, called ‘Vulnerabilities and threats in mobile applications‘ confirms that Android devices are more at risk (43%) than iOS (38%).
While the difference is not that big, being only 5%, it still confirms what was already suspected — Android apps have faultier security.
The most common of vulnerabilities found within apps on both systems is insecure data storage. According to the report, around 76% of all mobile applications have this issue. Depending on specific cases, this can allow hackers to potentially access data storage and steal all kinds of different information. That may include anything, from passwords and personal information, to financial data, correspondence between the phone’s owner and others, or anything else that may be stored.
Even more alarming is the fact that up to 89% of the found vulnerabilities could be exploited by threats such as malware. Furthermore, jailbroken devices are found to be at greater risk of getting infected. It should also be noted that all of this can be done remotely, without the hackers ever needing to get in actual physical contact with the phone they are trying to break into or infect.
The malware can do most of the work itself, simply by asking for permissions to access certain data. If it receives these permissions, it can infect the phone fully, locate the data it needs, collect it all, and just upload it to the server operated by hackers.
Apps and permissions
This is certainly a cause for concern, as the popularity of smartphone apps has never been greater. According to Positive Technologies’ Leigh-Anne Galloway, 2018 has seen more than 205 billion smartphone app downloads. This is hardly surprising, considering how useful many of the offered apps are.
Developers themselves work long and hard to create an app, and make it as easy to use, and ensure that it would run smoothly. Convenience is greatly appreciated in the modern world, and if the app they create is convenient, it will be downloaded, it is as simple as that. Users don’t even mind providing personal data, or granting the app access to their data storage, as long as they get to use it.
However, Galloway also points out that a great number of apps comes with some quite serious flaws and security issues, which appears to be something that escapes the developers’ attention. Stealing data can be done remotely, without the hacker ever needing to establish a physical connection to the phone. That allows them to target basically any device, anywhere in the world.
Meanwhile, the users that download these apps tend not to pay attention to the permission that the apps want. They just grant them all by default, as refusing to grant permissions means that they will likely not be able to use the app. The only way for the users to combat the issue would be to remain vigilant, examine what requests the app needs, and question whether or not they should be granted.
Apps tend to ask for more permissions than they need to actually operate, meaning that the user should disable access to data, which is not necessary for the app to function. Further, phishing attacks are still quite popular among hackers, and they are more likely to work on those who prefer managing their emails and messages on smartphones, which are typically more vulnerable than computers.
This makes them a great entry point for malware, and users should not open unknown links, no matter if they come in texts, chat apps, emails, or alike. Finally, app users should not download apps from third-party stores. Even Google has troubles with keeping the malicious apps out, and the tech giant works on providing secure products around the clock. 3rd party app stores are likely containing more malware than apps, and as such, they should be avoided at all cost, for the users’ own security.