Around 40% of Android and iOS apps have high-risk vulnerabilities

It looks like the apps we use may be at a higher risk of having vulnerabilities than anyone previously thought. According to a new study, which involved expert testing of iOS and Android apps, over a third of iOS and Android apps have high-risk vulnerabilities. In other words, there are likely at least a few apps that leave your data exposed.

The study comes from Positive Technologies’ Vulnerabilities and Threats Mobile Applications 2019 report and noted that the majority of vulnerabilities came in the form of insecure data storage. More specifically, 43% of Android apps were found to have vulnerabilities, while 38% of iOS apps suffered the same fate.

There’s an even bigger problem than the basic fact that there are so many vulnerable apps — and that’s the fact that 89% of those vulnerable apps can be exploited by malware, meaning that potential hackers don’t need actual physical access to exploit the vulnerabilities. According to the study, once the malware is on the device, it can get permission to access user data, and then send that data to attackers. A much smaller percentage of apps had source code vulnerabilities.

“In 2018, mobile apps were downloaded onto user devices over 205 billion times. Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. Stealing data from a smartphone usually doesn’t even require physical access to the device,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said in the study.

So what can be done to prevent attacks? Well, it really comes down to consumer education. Users should take care to be aware of the apps and the data that apps are requesting, and not grant apps access to data that they don’t need. If you’re ever in doubt, always decline the request to access. Not only that, but users should never open unknown links in SMS and chat apps, and Android users should only download apps from the Google Play Store and not third-party stores.

Editors’ Recommendations

  • Update WhatsApp! Sophisticated attack installs spyware with just a call
  • Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs
  • Google recalls Titan Security Key due to hijack risk
  • HMD Global is moving all Nokia user data to Finland to better protect it
  • How to download Instagram photos from any device