
Cybercriminals clone pirate versions of top Android and iOS apps

Third-party markets now a parallel app universe


Cybercriminals are using third-party app sites to peddle reverse-engineered or ‘pirate’ versions of almost all the most popular paid apps available on the Google Play and Apple App Stores, software firm Arxan has discovered.

The firm uncovered this parallel app universe in a similar piece of research last year, and for 2013 not much appears to have changed.

Looking at a total of 230 apps – the top 100 paid apps and top 15 free apps for Android and iOS – Arxan found that 100 percent of the top paid apps on Android and 56 percent on iOS were being impersonated in a compromised form on grey markets.

For free apps, the analysis found that 73 percent of Android apps in the top 15 existed in a bogus form on third-party stores, slightly worse than the 53 percent for iOS. Arxan also looked at popular financial apps, 20 from each platform, finding that half of the Android samples existed as hacked versions with a quarter for Android.

“The widespread use of “cracked” apps represents a real and present danger given the explosion of smartphone and tablet use in the workplace and home,” said Arxan CTO, Kevin Morgan.

“Not only is IP theft costing software stakeholders millions of dollars every year, but unprotected apps are vulnerable to tampering: either through installed malware or through decompiling and reverse engineering – enabling hackers to analyze code and target core security or business logic that is protecting or enabling access to sensitive corporate data.”   

Important qualifications should be made when presenting this in terms of the real-world threat. In countries such as the US and UK, third-party stores (aside from dedicated stores such as Amazon’s) have a very small market presence. On iOS it is not possible to even use a third-party store unless the device has been jailbroken, which limits the numbers visiting them to a small fringe.

The vast majority of users are unlikely ever to encounter these pirate apps, although it is also true that Google doesn’t exactly have an unblemished record at keeping bogus knock-off apps out of its own store.

Still, Arxan had detected that some of the grey apps had been downloaded half a million times, most probably to smartphones in countries where third-party sites have a stronger cultural presence.

“[This] gives a sense of the magnitude of the problem especially as we embark upon a season of high consumer activity that will involve payment transactions, and consumption of products and services via the mobile endpoint,” said Morgan.

Arxan’s larger message is really for app developers themselves, who it said should resist reverse engineering by deploying code protection technology to defeat static and runtime attacks. Pirated apps depended on being able to replicate legitimate apps, so this form of security was essential, he said.

“The challenge for greater mobile application security remains significant and core recommendations for improving mobile application security need to be integrated early in the application development lifecycle and made a key component of any mobile first strategy.”


