One in Four Android Apps Have High Risk Security Flaws

Friday, February 12, 2016

Mobile developers continue to battle security issues with their apps according to a new report by NowSecure. The annual report, 2016 NowSecure Mobile Security Report, provides insight into the current state of mobile security.

According to the report a quarter of Android apps have at least one high risk security flaw, 35 percent of communications sent by mobile devices are unencrypted, and the average mobile device connects to 160 unique servers each day.

The report offers findings on these “Leaky Apps” from five popular app categories including Business, Finance, Games, Shopping, and Social. The report shows that business apps are three times more likely to leak login credentials than the average app, while game apps are one-and-a-half times more likely to include a high-risk vulnerability than the average app.

One of the problems that the report points out is that the traditional, malware-focused approach to network security does not translate to mobile as mobile endpoints differ from traditional endpoints in a number of ways:

- Lack of administrative, or “root,” access

- Complex, drawn-out patching cycles for device updates

- Operating system (OS) access-control that limits the functionality of security apps

- Constant connectivity, frequently traversing insecure and untrusted networks

- A broad attack surface spanning devices, apps, and back-end services and infrastructure

The report’s findings come from the analysis of more than 400,000 apps published on the Google Play store. NowSecure evaluated these apps using the company’s automated app security testing system which provides the ability to test mobile applications for high risk security and privacy problems including the sending of sensitive data without proper encryption.