Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. Android developers seem to have this problem quite a bit, as new research suggested over 60% of Android apps had known security vulnerabilities in Q1 2021.
According to data presented by the Atlas VPN team and collected by the Synopsys Cybersecurity Research Center, 63% of Android apps had known vulnerabilities, with an average of 39 vulnerabilities per app. The worst offenders of this 63% were gaming and financial apps, with the apps in the “top free games” category taking 96% of the total vulnerable apps.
Overall, “3,137 unique vulnerabilities were found in Q1 2021 that appeared more than 82,000 times across Android apps,” according to Atlas VPN. Many of these vulnerabilities, up to 73%, had been reported in the past but remained in apps today. However, not all vulnerabilities are created equal, as only 43% of educational apps had exploitable Android vulnerabilities, which was the highest percentage of all the categories. Furthermore, only 44% of Android app vulnerabilities “were classified as high-risk, meaning they represented a tangible threat.”
However, 63% of apps having vulnerabilities is still a high share, even though not all vulnerabilities lead to malicious activity. Thus, it is quite feasible that millions of Android users are at risk due to their downloads. Hopefully, we will also find out about Apple apps soon, as App Store developers likely have the same problems, so stay tuned to HotHardware for updates.