OPINION: Latest Research Shows Your Android Apps Aren’t As Secure As You Think

Steve Pociask President, American Consumer Institute

A new study shows that many popular apps on our smartphones contain known vulnerabilities that are not being patched by application providers, leaving consumer information and devices at risk.

The new study, conducted by the American Consumer Institute, provides a glimpse into the magnitude of this problem by conducting an analysis of the most popular Android applications on consumer smartphones and tablets. In particular, the study looks at which apps are potentially being left unpatched for known risks, making them more susceptible to cybercrime.

The report analyzed 330 of the most common Android apps in the United States and found that 32 percent (105 apps) contain known security vulnerabilities. Forty-three percent of the vulnerabilities found were categorized as “high risk” or “critical,” indicating that little expertise would be needed to cause severe damage to systems.

In all, across all severity levels, 1,978 vulnerabilities were found in the sample – that’s 19 vulnerabilities per app for those identified as having risks.

Software has become ubiquitous in our daily lives, directing the devices and applications at the center of modern commerce, the digital economy, and our critical infrastructure. Yet despite the rapid, and beneficial, growth in applications, cyber attacks have become more far-reaching and consequential than we could have imagined even a few years ago. Data breaches are on the rise in businesses large and small, putting companies and consumers at risk.

The annual cost of cybercrime to consumers, companies and governments is expected to reach $2 trillion by 2019, not counting the personal anxiety and behavioral changes that cyber-fears provoke.

The growing threat of cybercrime is exacerbated by the widespread use of open source code by companies and app developers. The 2017 Forrester Research report highlighted open source code’s preeminence in application development, with custom code comprising only 10 percent to 20 percent of applications.

Relying on open source software allows companies to lower development costs, shorten production time, and accelerate innovation. But as open source code becomes more widely used, hackers face a target-rich environment. And since open source users, unlike users of commercial software where updates are automatically conveyed, are responsible for keeping track of vulnerabilities and installing necessary patches, many users are simply unaware of the security vulnerabilities that exist in the software they use.

This problem is particularly severe among mobile apps. According to some analysts, about 20 percent of the most popular Android software apps in the Google Play Store contain open source components known to harbor security vulnerabilities ripe for exploitation by hackers.

The new study results corroborate the findings of other reports and highlight the fact that this issue has not generated the attention it deserves. To make matters even worse, over 40,000 open source vulnerabilities have been reported in the past 17 years, with more than 14,000 new vulnerabilities discovered in 2017 alone.

Even though open source is an essential element in application development today, companies are too often blind to the security issues in their software, which can have disastrous consequences for both themselves and their consumers.

Without addressing these known security flaws, consumer devices could be compromised and data could be stolen, leading to malicious activity, identity theft, fraud or corporate espionage.

Steve Pociask is president and CEO of the American Consumer Institute, a nonprofit educational and research organization. For more information about the Institute, visit www.TheAmericanConsumer.Org or follow us on Twitter @ConsumerPal.


The views and opinions expressed in this commentary are those of the author and do not reflect the official position of The Daily Caller.