Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Majority of Top 100 Paid iOS, Android Apps Have Hacked Versions: Report

Report Shows Increase in Number of Hacked Mobile Apps

Report Shows Increase in Number of Hacked Mobile Apps

The third annual State of Mobile App Security report published by application protection solutions provider Arxan Technologies shows that cybercriminals have created hacked versions of most of the top Android and iOS applications.

According to the report, which is based on the analysis of 360 mobile applications, there are cloned or repackaged versions for 97% of the top 100 paid Android apps, and 87% of the top 100 paid iOS apps. In the case of iOS applications, the number of hacked programs has increased considerably compared to last year (from 56%).

Of the 20 most popular free applications, 80% of those for Android and 75% of those for iOS have been hacked, Arxan said.

When it comes to financial services applications, the study shows that a large percentage of the top 20 apps on each platform have been cloned or repackaged by malicious actors. In the case of Android applications, the percentage of hacked apps increased from 76% to 95% over the past year, while iOS app hacking increased from 30% to 70%.

Hacked Mobile ApplicationsAs far as the top 20 retail applications are concerned, only 35% of iOS apps have been hacked. However, the report shows that 90% of the top Android retail apps have been targeted by cybercriminals.

In the healthcare/medical category, researchers found that 90% of Android apps have been hacked. A worrying fact is that 22% of these applications have been approved by the United States Food and Drug Administration (FDA).

The report also contains a series of recommendations for application developers. Experts advise developers to ensure that applications with high-risk profiles are tamper-resistant and capable of detecting threats at runtime. In the case of payment applications and mobile wallets, they must be protected with app hardening and secure crypto, Arxan said.

The number of free application downloads is expected to reach 253 billion by 2017 so it’s not surprising that malicious actors are increasingly turning their attention to mobile platforms. While Apple’s iOS operating system is considered more secure than Google’s Android, it’s not completely immune to threats. A perfect example is the recently discovered WireLurker malware which is said to have infected hundreds of thousands of devices in China.

“The pursuit of greater mobile application security remains at the forefront our research and development initiatives,” commented Jonathan Carter, technical director at Arxan. “We continue to evolve our security innovations based on emerging threats to ensure the strongest application protection for our customers in the dynamic battlefield against hackers.”

The complete State of the Mobile App Security report is available online. The research was conducted in October 2014 and is based on the analysis of applications found in unofficial app stores, app distribution sites, torrent websites, and file download services.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Malware & Threats

A vulnerability affecting IBM’s Aspera Faspex file transfer solution, tracked as CVE-2022-47986, has been exploited in attacks.


More than 3,800 servers around the world have been compromised in recent ESXiArgs ransomware attacks, which also include an improved process.