The hype around cryptocurrency is at an all-time high. According to the stats, the number of unique active users of cryptocurrency wallets is estimated at somewhere between 2.9 and 5.8 million.
So even if you haven’t invested in crypto, it’s hard to turn a blind eye to its impressive success. Bitcoin, crypto’s leading platform, is currently valued at $11,395, a far cry from its first-ever recorded value of $0.012654.
Still, its success aside, the prime concern for any cryptocurrency investor has to be the security of their transactions. The truth is going to alarm you, more so if you’re an Android user: 90 percent of the most popular cryptocurrency mobile apps on the Google Play Store contain at least two high-risk issues. That’s according to a report by the Swiss cyber-security firm High-Tech Bridge.
As Bitcoin and various other cryptocurrencies gain popularity and reach ever higher trading prices, their users are likely to be exposed to more theft and other financial fraud.
As part of the security analysis, some 90 apps were put to the test. They were further categorized by their number of installations, or popularity.
Of the top 30 apps with more than 500,000 installations, 94 percent were found to have three medium-risk vulnerabilities, and 77 percent contained at least two high-risk vulnerabilities. 17 percent of the applications were vulnerable to man-in-the-middle (MITM) attacks, putting all of the user’s data at extreme risk of being hijacked.
On top of that, 44 percent of the applications use hard-coded sensitive data, while 66 percent use outdated security functionality that exposes the user’s privacy to a variety of threats. More shockingly, 94 percent lacked any sort of hardening or protection of their backend APIs or web services.
The stats weren’t inspiring for the less popular apps either. Overall, not a single app had any protection against reverse engineering. 84% showed at least two high-risk vulnerabilities, an alarming 61% were transmitting data unencrypted over HTTP, and, making matters worse, 47% were found to be vulnerable to man-in-the-middle attacks.
Long story short – “People are at a huge risk of being robbed of their money.”
Chink In The Armor
For some security professionals, the research doesn’t come as a surprise. For a long time, cyber-security firms have been cautioning mobile app developers about the risks inherent in Agile development, pointing to the lack of a framework to guarantee secure design, secure coding and rigorous security testing.
What’s more worrying is that these findings might be a signal of something more sinister than what appears on the surface. Mobile apps are powerful, in that they can help accomplish a lot of things, but that same power can be destructive if it falls into the wrong hands. The backend is where the soul of the app resides. If the security of the backend is compromised, the user’s private data is open to misuse by attackers.
What’s The Remedy?
Is there any solution to these horrifying findings? Well, obviously the vulnerabilities are limited to the Android platform, which does suggest the issue is not widespread throughout the mobile app industry. To eliminate security vulnerabilities and loopholes in mobile applications, developers have to be ultra-vigilant about security and privacy techniques right from the beginning. Internal and external security testing of the app is also important and should be performed from time to time.
The bigger improvement would be the implementation of GDPR, so far limited to the countries within the European Union. GDPR mandates that security be addressed as early as possible in app development, to ensure apps hold up to modern security requirements.
That would mean a change in development style for many developers, who were thus far happy to create apps as they liked. Sure enough, any mobile app that stores a user’s confidential data, be it a cryptocurrency app or otherwise, has to guarantee safety against any possible threats.