On June 13th, at the 4th Tencent Security International Technology Summit (TenSec 2019), Tencent Security Cohen Lab released the “2018 Android Application Security White Paper” (hereinafter referred to as “White Paper”). The white paper shows that more than 98% of Android apps have security risks, of which audio and video playback applications are the riskiest.
The “White Paper” is based on ApkPecker, Tencent Security Cohen Lab’s self-developed automated vulnerability scanning system for Android applications, which was run against 1404 applications with a high download volume in 2018. Vulnerability scanning found that over 98% of applications have different types of issues. The main causes of security risks include hidden dangers in system development, difficulty in monitoring vulnerabilities, insufficient protection capability, and delays in repair management.
Among them, audio and video playback Android applications have the highest number of security risks, followed by social communication and online shopping applications. Compared with other types of mobile applications, these three types have rich product features and interactions and high user retention. Once security risks are present, the number of affected users and the scope of the impact will be much larger than expected.
According to the detection data of ApkPecker, the automated Android application vulnerability scanning system, the security risks faced by Android applications can be divided into application scenario exploits and service background vulnerability attacks. The “White Paper” shows that, in this sample test of 1404 Android applications, the lack of a user information privacy mechanism increases the security pressure on mobile applications. Security incidents occur frequently as a result, bringing great harm to users’ information, accounts and funds.
The White Paper also looks at the scenarios that trigger security risks, focusing on data leakage, inter-component communication, SDK and Native third-party vulnerabilities, and other security risks that frequently appear in current mobile applications. Of the 1404 samples tested, 74% of the applications were at risk of denial of service attacks. How developers validate, and handle exceptions for, external input data reaching exposed components is the main cause of malicious security incidents between components. It also increases the risk of exploits being combined, which can cause a large amount of information leakage.
Mobile application developers call third-party libraries directly during development and do not pay attention to the security of their code. As a result, nearly 50% of the samples tested have SDK vulnerabilities, and over 58% of applications are threatened by Native library vulnerabilities, which greatly increases the difficulty of app security management. The fragmentation of applications and the difficulty of tracing them can even lead to a vicious circle of security risks.
Right now, compared to the Android app ecosystem as a whole, Apple’s App Store definitely feels like the better choice. They have stringent security measures in place and approve apps only after rigorous tests. Thus people find it easier to trust Apple products. Android apps really need a much higher level of screening to keep malicious apps from entering the Play Store!