App developers rarely ever reveal all of the secrets that are hard coded into their apps because of the fact that this is the sort of thing that could potentially end up giving their competitors an edge over them. In spite of the fact that this is the case, recent studies have shown that thousands of Android apps continuously leak sensitive data that developers would want to keep private.
Cybernews recently did some research which studied and analyzed around 30,000 Android Apps. With all of that having been said and now out of the way, it is important to note that over half of these apps are leaking hard coded secrets such as API keys, data from Google Storage as well as database access. Hackers who aren’t all that skilled can easily take advantage of this by obtaining sensitive information that can unveil the inner workings of apps with all things having been considered and taken into account.
Much of this problem can’t be attributed to the apps themselves, but rather the practice of hard coding secrets in the first place. Just under 56% of all of these apps had secrets hard coded into them on the client side, and the lack of adequate cyber security infrastructure on that end makes it incredibly easy for malicious actors to try to break in.
Health and fitness apps turned out to be the worst offenders once all has been said and is now out of the way. Around 8,654 apps in this category were found to possess hard coded secrets, followed closely by education apps 8,161 of which contained secrets that had been hard coded.
Many of these apps don’t have secured databases, so they are essentially giving any malicious actor that can break into these hard coded areas free access to all manner of client data. This is both a reputational risk for the developers as well as a privacy risk for users, so a lot of work would need to be done to change the prevalence of this phenomenon. A few common sense security protocols can make matters a bit better.
Read next: Apple Launches Security Updates To Backport Patches For Its Older iPhones And iPads
Cybernews recently did some research which studied and analyzed around 30,000 Android Apps. With all of that having been said and now out of the way, it is important to note that over half of these apps are leaking hard coded secrets such as API keys, data from Google Storage as well as database access. Hackers who aren’t all that skilled can easily take advantage of this by obtaining sensitive information that can unveil the inner workings of apps with all things having been considered and taken into account.
Much of this problem can’t be attributed to the apps themselves, but rather the practice of hard coding secrets in the first place. Just under 56% of all of these apps had secrets hard coded into them on the client side, and the lack of adequate cyber security infrastructure on that end makes it incredibly easy for malicious actors to try to break in.
Health and fitness apps turned out to be the worst offenders once all has been said and is now out of the way. Around 8,654 apps in this category were found to possess hard coded secrets, followed closely by education apps 8,161 of which contained secrets that had been hard coded.
Many of these apps don’t have secured databases, so they are essentially giving any malicious actor that can break into these hard coded areas free access to all manner of client data. This is both a reputational risk for the developers as well as a privacy risk for users, so a lot of work would need to be done to change the prevalence of this phenomenon. A few common sense security protocols can make matters a bit better.
