Wednesday, May 30, 2018

Downloading vulnerability...

Have you ever counted how many apps there are in your smartphone? You should. The average user has 28 downloaded apps in their phone, but the number of downloads is way bigger. Almost every day we download apps of all kinds and delete others, so the traffic in our smartphone never stops. This means the highway to hackers. In the war between iOS and Android, when the stores are fighting, Android loses.  

The security evaluation done by Appknox and Seworks says that more than the 84% of the buying apps in Android have three or more high-level security vulnerabilities.

In that study, the 50 best buying apps for Android were analyzed and they found 274 vulnerabilities. And the worst thing is that everyone had security risks.  The apps were tested in 34 different categories of security tests.

94% of apps failed in a test of non-protected exported receptors. Android apps export receptors, that answer to external transmissions announces and they communicate with other apps. For example, when receptors are not protected enough, the cybercriminal might change the behavior of the app as they want and put data that doesn’t belong there. 

Another data we found was that the 70% of the app were affected by non-protected exported activities. The activities were executed from an authorized access. When an activity is exported without protection, it can be started from outside the app. This allows the hackers to go inside and look for personal information, to modify the structure or to lie to the user so that he communicates with the compromised app thinking he is interacting with the original app.

64% of the apps were affected by the client extended app, WebView. When WebView clients are not enough protected in the app extensions, hackers might lie to the users so that they introduce personal and confidential information in fake or copied apps what risks the user’s data and privacy.

A lot of times, users and buyers in Play Store just need to click the buying button to buy an app, without getting to read additional information. It’s too easy to download an app, even payment apps. Most of the users introduce their credit card in Play Store to buy apps but they don’t know how risky it is and the percentage of vulnerabilities they’re hiding.

Are these apps protected enough? It’s a worrying data now we know that almost 100% of the apps we use in a daily basis can risk our information. 


Post a Comment