Hackers target banking apps on Apple and Google platforms
We act as if are phones and tablets are safe. They’re not. According to security company Arxan Technologies, all of the top 100 paid Android apps have been hacked. (Yes, all, as in 100 percent.) Apple’s doing better, with only 56 percent of their top paid iOS apps hacked.
This doesn’t mean that the apps you actually download are almost certainly malware. Most of the hacked apps turn on third-party download sites rather than Apple’s and Google’s approved stores. But it’s still a serious danger that according to Arxan has “potential for massive revenue loss, unauthorized access to critical data, intellectual property (IP) theft, fraud, altered user experience and brand erosion.”
What sort of apps do they hack most?
Hackers often target financial apps, and with good reason. If criminals can get between you and your bank, they have access to your account numbers, passwords, and other useful information. They can easily turn your money into their money. According to an Arxan report, “This high-risk category… requires extra vigilance to protect overall application integrity.”
But avoiding the convenience of mobile banking doesn’t make you safe. Arxan found that “Hackers continue to target free apps - 73 percent of free Android apps and 53 percent of free iOS apps were found to be hacked in 2013.”
Luckily, most users are not likely to download from these third-party sites. In Android, a default setting limits you to downloading apps only from the Google Play store. You can change that setting, but you’re not likely to find it if you’re not looking. Apple is even stricter. You have to jailbreak an iPhone or iPad to download apps from another store.
But even Google’s official store isn’t entirely safe. "Google Play isn't a vetted app store,” warns Arxan Chief Technology Officer Kevin Morgan in a Guardian article by Charles Arthur. Anyone can post an app to the official store, and Google will only remove it if they detect malware or receive complaints from users. Back in September, BlackBerry had to delay the release of iOS and Android apps when a hacked version went live on Google Play before the legitimate one.
On the other hand, "in the Apple Store you're almost certain to see just legitimate apps,” says Morgan. “Hacked code isn't a significant problem in Apple's App Store." Unlike Google, Apple vets every app before making it available to users.
And there are other reasons why Android isn’t as safe as Apple. Google’s operating system is heavily fragmented. According to Google’s own report, more than a quarter of Android devices are still using 2.x versions of the operating system. The most commonly used version, 4.1 Jelly Bean, has only 37.4 percent. The three most recent versions, Jelly Beans 4.2 and 4.3, plus the new KitKat 4.4, together run on just over 18 percent of Android devices. According to Arxan, "hackers can more readily target a fragmented, and open Android ecosystem.”
Based in Bethesda, Maryland, Arxan specializes in securing data in the mobile environment.