Binary scans find vulnerabilities in one in five Android apps

Binary scans find vulnerabilities in one in five Android apps
By | | TechForge Media
Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (@gadgetry@techhub.social)

Research conducted by binary-level security and compliance testing company Insignary has found vulnerabilities in one in five Android apps.

Insignary tested 700 of the most popular Android apps on the Google Play Store for the research. Their Clarity system was put to work for the first time analysing APKs for known open source vulnerabilities.

Here are some of the key findings:

  • The binary scans indicate that the Android apps available on Google Play Store by the top software vendors contain versions of open source components with security vulnerabilities. Out of the 700 APK files scanned, 136 contain security vulnerabilities.

  • 57% of the APK files with security vulnerabilities contain vulnerabilities that are ranked as “Severity High,” meaning that the deployed software updates remain vulnerable to potential security threats.

  • 86 out of the 136 APK files with security vulnerabilities contain vulnerabilities associated with openssl.

  • 58 out of the 136 APK files with security vulnerabilities contain vulnerabilities associated with ffmpeg and libpng. The prevalence of these open source components can be attributed to the abundance of images and videos in mobile applications.

  • Interestingly, three of the APK files scanned contain over five binaries with security vulnerabilities. The majority of APK files with vulnerabilities contain one-to-three binaries with security vulnerabilities.

  • 70% out of the top 20 apps in the “Games” category contain security vulnerabilities.

  • 30% out of the top 20 apps in the “Sports” category contain security vulnerabilities.

  • This study demonstrates that 1 in 5 APK files does not utilise the correct, most up-to-date versions of the OSS components available.

The use of outdated components are often a cause for security vulnerabilities. Insignary found new versions of the components which had vulnerabilities were often available to address the problems.

Developers and users can test APKs by visiting the free site TruthIsIntheBinary before installing.

What are your thoughts on the findings? Let us know in the comments.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *