Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


Findings Expose a Lack of Mobile Application Self-Protection for Mobile Financial, Retail/Merchant and Healthcare/Medical Apps

Arxan Technologies, the leading provider of application protection solutions released its third annual State of Mobile App Security report, which reveals that 97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked. In addition to an increase in app hacks found for commonly downloaded Popular Free apps, this year’s research also reveals evidence of widespread hacking of financial services, healthcare/medical, and retail/merchant apps; largely driven by hacks of Android apps.

Arxan’s 2014 State of Mobile App Security report updates previous years’ indicators on the prevalence of hacked apps on the two major platforms (iOS and Android).  The findings of increased app hacking is especially noteworthy amidst today’s rapid growth in global mobile app usage.  Free app downloads are forecasted to increase at a rate of 99% to reach 253 billion downloads in 2017 and paid app downloads are projected to reach almost 15 billion, a 33% increase by 2017[1].This explosion in app usage is seen across all verticals and lead by apps running on the Android mobile operating system, which continues to dominate with 85% market share[2].

The report, which comes on the heels of a number of recent mobile application-based attacks, such as Wirelurker and Masque, highlights the imminent and growing need for mobile applications to contain self-protections.  Key findings from the 2014 report include:

Top 100 Paid Apps and Popular Free App reveal widespread hacking

  • 97% of top 100 paid Android apps and 87% of top 100 paid iOS apps have been hacked – This finding of a high percentage for Android hacked apps is in line with results from prior years.  However, the iOS percentage represents a sharp increase over 2013, when 56% of iOS apps were found to be hacked
  • 80% of Popular Free Android apps have been hacked and 75% of the Popular Free iOS apps have been hacked  – The percentage of popular iOS apps hacked has steadily increased over the last 3 years 

App Hacking Targets Mobile Apps Across High Risk Verticals

  • Mobile financial apps are still at risk – 95% of the Android financial apps reviewed were “cracked” while 70% of the iOS financial apps were hacked. This is an increase in both cases, with Android’s growing about 80%
  • 90% of Retail/Merchant Android apps and 35% of Retail/Merchant iOS apps have been compromised – Hackers are targeting growth in B2C retail apps, as stores launch mobile payment/wallet services, and in B2B merchant point-of-sale apps.  In both cases sensitive data, IP, and financial transactions are at risk
  • 90% of Android Healthcare/Medical apps have been hacked, 22% of which are FDA approved

Proactive measures to protect against application risks are being championed by industry leaders such as Gartner’s application security analyst, Joseph Feiman.  In Feiman’s recent Maverick report, he advises CISO’s to “Make application self-protection a new investment priority, ahead of perimeter and infrastructure protection.”  “Runtime Application Self Protection (RASP) is designed to protect applications by adding protection features into the application runtime environment.”[3]

Echoing security leaders, Arxan’s State of Mobile App Security report includes key recommendations to improve the security of mobile applications.  Among other recommendations, the report recommends that:

  • Applications with high-risk profiles running on any mobile platform should be made tamper-resistant and capable of defending themselves and detecting threats at runtime
  • All applications should be developed to maintain the confidentiality of the application/code
  • The software that is used to enable mobile wallets/payment apps (e.g., Host Card Emulation software) should be protected with secure crypto and app hardening.
  • Organisations should consider mobile app assessments to assess if existing apps are exposed to risks that are unique to mobile environments. Also, as part of the mobile app development lifecycle, organisations should conduct Penetration Tests that, among other things, should assess vulnerability to reverse engineering and tampering that can result from unprotected binary code.

Arxan’s 2014 “State of Mobile App Security” report and supporting Infographic are now available.  The findings were based on analysis of 360 apps, including 100 top paid and the same 20 popular free apps from each platform, as well as 40 apps in the financial services, retail/merchant, and healthcare/medical categories (20 apps per platform).

“The pursuit of greater mobile application security remains at the forefront our research and development initiatives,” said Jonathan Carter, technical director at Arxan.  “We continue to evolve our security innovations based on emerging threats to ensure the strongest application protection for our customers in the dynamic battlefield against hackers.”