By Arxan’s count, 97% of top paid Google (GOOG) Android apps have been hacked; 87% of top paid Apple (AAPL) iOS apps have been hacked; 80% of the popular free Android apps have been hacked; and 75% of the popular free iOS apps have been hacked. Arxan is a developer of app protection tools.
It gets worse. Many key financial-services apps have been hacked, reported Arxan. Around 95% of popular Android financial apps have been hacked, said Arxan. With iOS it’s 70%.
Matters are just as bad in retail where, according to Arxan, 90% of Android apps have been hacked and 35% of iOS apps have been.
A word of definition. To Arxan, a hacked app is one where a cybercriminal has opened the app’s code and “made an unauthorized injection of binary code,” explained Jonathan Carter, Arxan’s technical director. In every way that app should look exactly like the XYZ bank or brokerage app -- because it is. What’s different is that a toxic payload has been inserted.
Carter said identity theft, credit card misappropriation and other financial damage are often inflicted on victims.
The news keeps worsening. Said Jukka Alanen, an Arxan vice president, “The Black Hats are far advanced over the builders of the apps. It’s really concerning for trusted brands.”
Distribution of corrupted Android apps is straightforward. They primarily show up on third-party app storefronts, and Android allows downloads from anywhere, said Alanen.
With iOS, matters are less straightforward. For most users, most of the time, the official Apple App Store is the only place where they can download apps. Alanen explained that the tainted Apple apps are aimed at owners of “jailbroken” iPhones; jailbreaking is a process that strips away many of the limitations built into iPhones. For those owners there are numerous sites that provide iPhone apps but, said Arxan, many of those apps now are tainted.