Too many apps in the Apple and Google app stores have been targeted for hacking. Security experts point out that financial apps on Android are the most vulnerable. In most cases, applications have been hacked and uploaded to 3rd-party stores or Google Play in a bid to capture credentials from consumers, to operate maliciously, or to defraud the app’s creator by removing adware elements.
Security experts note that hacked apps are showing up in various storefronts, like Cydia, in a decrypted state, so by definition the software has been hacked. The specialists have seen multiple examples where the original code has been tampered with. Financial apps are a particular concern, because people trust them with sensitive data, like bank account numbers and passwords. It was found that 23% of sampled iOS financial apps had been hacked and reposted, as well as 53% of Android financial apps.
As you know, Android users are able to download apps from 3rd-party stores through a setting on their devices, while iOS users have to “jailbreak” their devices to do so. In other words, they voluntarily use a hacking attack to give themselves the equivalent of “root” privileges for installing software. Thus far, iOS 7 hasn’t been jailbroken.
However, even Google’s official Play store can be a source of malware and hacked applications. A few months ago BlackBerry had to halt the rollout of its BBM app for Android because a hacked version appeared in the Play store before the official one and had been downloaded over a million times. The experts also warn that it’s easy for people to upload a “Bank of America” app onto Google Play and use freely available data about the bank to fool users. It is believed that Google Play isn’t a vetted app store and carries a lot of cruft, while in the Apple Store users are almost certain to see only legitimate apps. So, hacked code is not a significant problem in Apple’s App Store, as the company vets all apps before they are published there. As for Google, it will remove apps only after complaints emerge or if they are detected as having malware. Both the Google and Apple platforms have a “kill switch” that is able to retrospectively delete malicious installed apps from devices.