Hacked Versions of Popular Mobile Apps Widespread, Report Finds

A new report from Arxan Technologies says that there are hacked versions of almost all of the most popular applications available in Apple and Google’s mobile app stores being sold in third-party markets. 

The report, ‘State of Security in the App Economy: Mobile Apps Under Attack,’ states that tampered applications have proliferated extensively, with 92 percent of the Top 100 paid iOS applications and 100 percent of the Top 100 paid Google Android applications having been hacked. The situation opens users up to security risks and underscoring the importance of protecting the integrity of mobile applications against attacks.

“The research covers hacks, cracks, and breaches to applications that the application vendor / owner does not allow,” report author and Arxan vice president Jukka Alanen explained.

This includes disabled or circumvented security such as cracked encryption; unlocked or modified features; pirated copies, ad-removed versions and versions laced with malware.

“All of these attacks can cause significant damage to the application vendor / owner and the fact that over 90 percent of top mobile apps were found as hacked versions illustrates the ease of breaching applications and the widespread nature of the hacking problem,” he said. “As for malware, for instance, 86 percent of Android malware are repackaged versions of legitimate applications.”

The apps came from various industries including financial services, social networking apps and others. Free applications are not immune either – 40 percent of the 15 most popular free iOS apps and 80 percent of the top 15 free Android apps had hacked versions available as well.

“In general, given the widespread existence of hacked versions of mobile apps, it’s important for end-users to exercise due care and caution when downloading and installing applications – e.g., to know what they’re downloading, [and] from where,” Alanen said.

The report also suggested organizations focus app security initiatives on protecting mobile apps against tampering and reverse-engineering attacks, in addition to securing them against vulnerabilities.

“Build protections directly into the app — harden the code against reverse-engineering, and make the app tamper-proof and self-defending — to counter how hackers attack an app,” the report advised.