SEWORKS-blog_banner.png

App Security Insights

How Often Are Mobile Apps Hacked?

Dec 30, 2016 1:18:28 PM / by Sung Cho

How-Often-Are-Mobile-Apps-Hacked-Blog-IMG.png

Mobile apps are hacked on a near-constant basis. Somewhere right now, someone is attempting to hack one of your apps. Someone else has already hacked an app or two. And thousands of app users are learning that their data has been compromised. Mobile app hacks can be costly to your business and pose significant inconveniences. They can also place your customers in danger.

Users whose data is hacked may be in physical danger from criminals who gain access to their personal information. Their financial health can be undermined, their sense of privacy destroyed, and their confidence in your business and your app permanently ruined. So how often are mobile apps hacked? Continuously. Here’s what you need to know.

How Frequently Are Mobile Apps Hacked?

Consider some of the following terrifying statistics about the frequency of mobile app hacking:

  • 100% of the top Android apps were hacked in 2012 and 2013. In 2014, that figure dropped only slightly, to 97 out of 100.
  • 90% of the top Android health apps were hacked in 2014, leaking highly sensitive consumer healthcare data.
  • More than a billion mobile records were breached in 2014.
  • 25% of mobile devices face at least one hacking threat each month.
  • The cost of cybercrime is projected to rise to $2 trillion by 2019.
  • Hacks are often simple and easy, offering criminals access to a veritable cornucopia of consumer data. One hack can quickly and easily target more than a billion mobile apps.
  • 98% of mobile apps are not secure.

Comparing Apple and Android

Though all devices face risks from hacking, research consistently shows that Android apps are less secure than Apple/iOS apps. Apple builds in a number of security features, and allows consumers more control over which data apps can access. Some of the discrepancy might also be explained by differences between Apple and Android users. Apple devices are typically more expensive, so tech-savvy users could be more likely to buy them, and less likely to install unsecured apps.

Consider the following:

  • None of the top iOS health apps were successfully targeted in 2014.
  • 14 of the top iOS financial apps, compared to 19 such apps on Android, were hacked last year.
  • 7 of the top 20 iOS retail apps and 18 of the top 20 retail apps on Android were successfully hacked in 2014.

Why Mobile Apps Are So Insecure

Android allows just about anyone to develop and publish an app, making it more open to dangerous and unsecured applications. But on both Android and iOS, a number of security loopholes make hacking downright easy. Consider the following data points:

  • 75% of mobile apps fail even basic security tests.
  • 96% of Google Play’s top free games can be reverse-engineered.
  • 85% of the top 200 free Android apps can be decompiled.
  • 97% of all apps have no binary protection.

What’s behind this increasingly dangerous environment? A fast-paced development culture that rewards developers who quickly publish apps -- even insecure ones. Creating a safe app demands time, effort, and money -- something many developers have in short supply.

Even when developers do build security patches to known issues, users may not update their apps. On both sides of the equation, a desire to get things done quickly and conveniently undermines the need to have secure apps.

What Are Hackers After?

Many app developers mistakenly believe that their apps are not worthwhile targets, particularly if they don’t house financial or credit card data. But you don’t need a popular app, or one that connects with financial data, to be a target. Some of the information hackers seek includes:

  • Passwords. Many consumers use passwords across devices and apps, so if a hacker successfully gains access to one account, he or she may be able to access dozens more.
  • Consumer data. Birthdates, addresses, and even hobbies and other miscellaneous information can enable hackers to access other data, to construct more effective marketing campaigns, and even to sell this data to third parties.
  • Email addresses. An email address offers numerous opportunities: the chance to directly contact consumers, to guess usernames and passwords, and to sell information to marketers and other third parties.
  • Company data. Hackers can gain access to an assortment of useful information by accessing company data and code.
  • A chance to hone their skills. Some hackers hack for the fun of it, but the information they learn can be used to help them embark on more dangerous criminal hacking campaigns down the road.

It’s Not Just Hackers

The perils of mobile app hacking extend far beyond criminal's, identity thieves, and kids looking for a fun experiment. Governments and corporations routinely hack mobile apps to access user data, target potential market demographics, and even, in the case of government entities, to aid criminal prosecutions. Caution with your relationships, and particularly with the development and analytics partners you choose, can help prevent data leakage to third parties -- not just hackers.

Appsolid-Blog-Subscription

Topics: Mobile App Security

Sung Cho

Written by Sung Cho

VP, Growth & Strategy