60% of the most downloaded Android apps have at least one vulnerability, Synopsys found. On average, each such app has 39 information security problems. In total, the company discovered 3,137 unique vulnerabilities. All of them could potentially lead to the leakage of confidential data.
According to Synopsys, vulnerabilities appear in applications as a result of developers using fragments of open source code that were written a long time ago, but continue to be used in their original form to this day.
Nikolay Anisenya, head of the mobile application security research group at Positive Technologies, explained that developers often use open source code because it allows companies to save time and money, as well as avoid common programming mistakes.
Vulnerabilities in old code sometimes go uncaught deliberately. After all, code verification is an expensive procedure that not every development company can afford.
“As a rule, developers of mobile games and applications first of all try to release a product to the market as soon as possible and start making money before someone else implements their idea. The development and implementation of security at the initial stage will greatly increase the release time of the product,” says Sergey Nenakhov, Head of the Information Security Audit Department at Infosecurity.
Anton Ponomarev, Director of ESET Corporate Business Department, believes that by the end of 2020 the problem of mobile application security had become more urgent. Indeed, during the pandemic, the audience of these apps changed noticeably and became more attractive to cybercriminals.
“Before the pandemic, games were at the top of application use, and 2020 pushed forward business applications, vulnerabilities in which could do much more harm,” Ponomarev shared his opinion.
Read more in the exclusive material from Izvestia:
Wild Code: Vulnerabilities Found in 60% of Popular Android Apps