Posted On 20 Oct 2018
A report published by the American Consumer Institute has suggested that many popular Android apps from Google Play use unpatched open source code that could put users at risk. More than one-third of the open-source security risks that have been uncovered in the last 17 years were discovered last year alone, suggesting that the risk of security flaws is increasing at a rapid rate. Around 90% of software now uses open source elements. Analysts fear that app developers aren’t doing enough to inform users about security risks and how they can update their software, with the broad assumption being that everyone uses automatic updates, which is not the case.
Smartphones are one of the most popular ways to use apps; however, they also happen to be one of the easiest to hack. The authors of the report tested 330 apps and found that 105 of them were vulnerable, with nearly half of those being critical/high risks. On average, each app tested had 19 separate vulnerable points that hackers could exploit. The apps included some of the most popular banking applications: Bank of America’s app contained 34 critical vulnerabilities, and Wells Fargo’s had 35.
Part of the problem lies with the users of apps, who will sometimes download malware unintentionally. Once this malware has been installed on the device, it can start to take advantage of weaknesses in other apps. The report notes that app developers must take firm action to protect devices against both external hacking and this form of internal infiltration.
Some of the more dangerous apps get onto smartphones because, unlike Apple, the Google Play Store does not run strict security checks on the apps that are available to users. The report suggests that app providers, developers, and users need to take more collective responsibility to protect devices against attack and that this would represent a more effective solution than attempting state intervention. In particular, Google should implement stricter vetting procedures for app developers before they are permitted to sell apps to the public. In addition, the apps that are available should be tested more thoroughly.
App developers must ensure that security is built into their products from the ground up and that they model threats in the testing process. They should also make sure that Android developers know how to create secure code, and regularly test the security of their apps even after they have been released.