Mobile apps show growing threat landscape


As cybersecurity threats grow worldwide, HyperG Smart Security is highlighting the major vulnerabilities and threat vectors of mobile apps while offering solutions for developers across both Android and iOS.

Recent insights from the 2023 Global Mobile Threat Report by mobile security vendor Zimperium highlight an alarming surge in detected vulnerabilities. The report found “a 138% increase in critical Android vulnerabilities discovered in 2022, while Apple iOS accounted for 80% of the zero-day vulnerabilities actively being exploited in the wild.”

On top of growing threat levels, a survey from OWASP (Open Worldwide Application Security Project) found that a frequent oversight in mobile app development is the absence of memory protection against debugging capabilities.

“Mobile apps are flourishing, particularly gaming apps,” noted Allen Lin, General Manager at HyperG Smart Security. “In this dynamic world, staying ahead of threats is not an option, but a necessity. Hacks of mobile apps share several factors in common, and we’re addressing these with solutions for developers to stay multiple steps ahead.”

With app source code as the main asset to protect, HyperG Smart Security has identified the major vulnerabilities in the mobile app threat landscape:

  • Reverse engineering: Apps are susceptible to reverse engineering by decompilation, which lets hackers directly view an app’s source code and expose weaknesses. Hackers can then recreate the app and repackage it as a counterfeit.
  • Anti-debugging: Without adequate memory protection, debugging can enable unauthorized control of the app, leading to extraction of both app and user data.
  • Lack of encryption: Without effective encryption, a staggering 80% of app data is readily accessible to hackers. User data is also exposed, and lack of encryption further enables man-in-the-middle attacks that intercept processes between the app and the server.
  • Integrity protection: Through reverse engineering, genuine apps can be repackaged into deceptive versions, misleading users and jeopardizing data.

When selecting security tools for mobile app development, support for both iOS and Android and compliance with MAS or OWASP criteria are key factors to consider.