Express Computer

75% of India’s top 100 Android apps have contained security risks: Appknox Report 2022


Bangalore, June 28th, 2022: Appknox, a leading mobile security testing platform, has released a report today titled “Evidence-based Insights – India’s Top 100 Android Mobile Apps tested for Cybersecurity”. Over the past few years, our dependence on apps has increased tremendously. Because these apps have access to so much sensitive data, Appknox helps businesses and customers understand the security risk.

According to research by the Data Security Council of India (DSCI), India’s cyber security industry nearly quadrupled during the pandemic, with revenues from cyber security goods and services rising from $5.04 billion in 2019 to $9.85 billion in 2021. Rapid digitalization, more regulatory attention on data and privacy, and growing boardroom understanding of cyber dangers, among other factors, all contributed to the surge. Given the buzz and awareness for cybersecurity, it becomes essential to perform reality checks and analyse where the Indian Android App market stars stand in terms of cybersecurity performance.

In this report, Appknox presents its mobile security assessment of the top 100 Android mobile apps. Here’s why the company chose 100 Indian apps:

India is now the #1 country globally in the number of apps installed and usage per month (Source: Forbes). With one of the largest user bases and the volume of critical data at risk, it becomes essential to assess the security performance of some of the most popular and trusted Indian apps.

Appknox put all the 100 applications through a rigorous automated testing process using Appknox, our mobile app security solution. As a part of this security testing process, each application went through 14 different test cases. According to security standards accepted globally, all these tests are the basic security checks that each mobile application should ideally go through. These checks help determine essential parameters like how data is being stored by the app, how much is shared and accessible, are payments secure, is there a possible loophole that can lead to data leakages, and more.

Harshit Agarwal, CEO of Appknox said, “Be it the early birds or the giant Fortune 500 companies, Appknox has ever been instrumental in building a safe and secure mobile ecosystem for businesses all over the globe by utilizing its system plus human approach to beat the hackers at their own game. We put together this report so that app developers realize the importance of creating apps with no vulnerabilities.”

What were the Most Prominent Vulnerabilities Detected in these Apps?

The research found that some of the most prominent Indian apps lag on even the most basic security checks. Some of the critical vulnerabilities detected in these apps included:

  1. 79% of the Apps were affected by Network Security Misconfiguration: Organisations should keep the minimum information necessary. If eBay hadn’t stored unnecessary information like dates of birth and addresses, the risk of identity theft after the attack would have been reduced massively.
  2. 79% of the Apps had Disabled SSL CA Validation and Certificate Pinning: Certificate Pinning is the process of associating a host with its expected X509 certificate or public key. When a certificate or public key is seen on a host, it is associated or “pinned” to that host. If more than one certificate or public key is acceptable, the advertised identity must match one of the elements in the pinset.
  3. 78% of the Apps lacked sufficient code obfuscation: Java source code is typically compiled into Java bytecode, the instruction set of the Java virtual machine. The compiled Java bytecode can be easily reverse-engineered back into source code by freely available decompilers. Bytecode Obfuscation is the process of modifying Java bytecode (executable or library) so that it is much harder for a hacker to read and understand but remains fully functional. Insufficient obfuscation might lead to threat actors decompiling or reverse-engineering the code.
  4. 42% of the Apps had Insufficient Transport Layer Protection: Insufficient transport layer protection issues happen when the data is sent from the mobile app to the server over unsecured channels. Whether the data is transmitted through the carrier network or WiFi, it will end up passing through the Internet before it can reach the remote server.

Some Mobile App Security Best Practices to Mitigate these Risks:

Mobile applications must be created in a manner to run in a hostile environment prone to frequent attacks. And given the widespread vulnerabilities detected in Indian Android apps, it’s high time businesses adopt these mobile app security best practices.

Do Not Hardcode Credentials: It has frequently been seen that mobile app developers hardcode available credentials. Also, rather than waiting for users to authenticate credentials for applications, here credentials and services used by the applications are put to authentication.

Reduce App Permissions: Permissions empower apps, but this also creates many risks. Unnecessary permissions, even in a legitimate app, can cause privacy and compliance hazards and become a target for attackers.

Certificate Pinning Should be Used Wherever Possible: Mobile applications get connected from unsecured networks rather than from protected web applications most of the time. This is certainly because these apps are always used on the go. One of the best techniques to counter attacks such as man-in-the-middle attacks that can occur over these networks is certificate pinning.

Switch to Automated Mobile Application Security Testing: Enterprises should conduct regular security testing on the application to prevent vulnerabilities present in the application and ensure best coding practices that are secure as well.

Maintain Compliance With Standards and Regulations: Ensure your app complies with the leading industry standards like OWASP (Open Web Application Security Project), PCI DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), and ISO:27001. This would enhance the security readiness of your app and strengthen the trust among your customers.

Upgrade to DevSecOps: DevSecOps lets you address security issues right from the get-go with little to no effort in addressing every security issue that causes potential risks. This could also be your business’s potential competitive advantage for faster time to market and uninterrupted business activities.

Appknox offers one of the most advanced plug-and-play security solutions embedded with astute vulnerability assessment and penetration testing tools that help security experts and developers build the safest mobile applications. Appknox SAST (Static application security testing), DAST (Dynamic application security testing), and APIT (Application Program Interface Testing) is the best way to ensure that your code is secure. VA (Vulnerability Assessment) tools identify and eliminate security vulnerabilities and software defects early in development. That helps to ensure that your software is secure, reliable, and compliant.

Appknox VA helps you:

  • Identify and analyze security risks and prioritize severity based on the CVSS (Common Vulnerability Scoring System) reporting
  • Perform real-time fast and API to further down on the vulnerabilities
  • Fulfill standard compliance requirements
  • Verify and validate through testing
  • Achieve compliance and get certified faster
