High-level vulnerabilities discovered in 84% of Android shopping apps
More than 84% of the shopping apps have three or more high-level security vulnerabilities, according to a security assessment by Appknox and Seworks.
A total of 274 vulnerabilities were detected among the top 50 Android mobile shopping apps, and all had security risks. The apps were tested across 34 different security testing categories.
94% of the apps failed an Unprotected Exported Receivers test
Android apps export receivers, which respond to external broadcast announcements and communicate with other apps. For instance, when Receivers are not protected — hackers can modify the app’s behavior as they wish, and insert data that doesn’t belong to apps.
70% of the apps were found to be affected by Unprotected Exported Activities
Activities are executed via authorized access. When an Activity is exported with no protection, it can be remotely launched outside of the app. This may allow hackers to access to sensitive information, modify the internal structure of the applications, or deceive a user into communicating with the compromised application while believing they are still interacting with the original application.
64% of the apps were affected with App Extending WebView Client
When WebView Clients are not correctly protected in-app extensions, attackers can deceive users into inputting sensitive personal information in fake or copied apps, resulting in loss of user data, damages and SSL compromises.
“Mobile shopping experience is becoming extremely convenient with options to store the consumer’s credit card and shipping address information. Often times, shoppers simply need to click on the purchase button on an app to complete their shopping, without entering any additional information. However, do those apps have sufficient security measures? That’s the key question we wanted to ask and that is what our report helps answer.” said Sung Cho, VP of Growth and Strategy for AppSolid.