75% Android apps contain security risks
2022-07-20
Android application vulnerabilities have become a problem because of Google Play's open format, and also because users can sideload apps, which removes any oversight of app safety.
According to research by the Data Security Council of India, India's cyber security industry nearly quadrupled during the pandemic, with revenues from cyber security goods and services rising from $5.04 billion in 2019 to $9.85 billion in 2021.
Rapid digitalization, more regulatory attention on data and privacy, and growing boardroom understanding of cyber dangers, among other factors, all contributed to the surge. Given the buzz around and awareness of cybersecurity, it becomes essential to perform reality checks and analyse where the stars of the Indian Android app market stand in terms of cybersecurity performance.
Over the past few years, our dependencies on apps have increased tremendously. India’s Top 100 Android Mobile Apps were tested for Cybersecurity. These apps have access to so much sensitive data and customers understand the security risk. India is now the #1 country globally regarding the number of apps installed and usage per month. With one of the largest user bases and the volume of critical data at risk, it becomes essential to assess the security performance of some of the most popular and trusted Indian apps.
The research found that some of the most prominent Indian apps lag on even the most basic security checks. Among the critical vulnerabilities detected, 79% of the apps were affected by Network Security Misconfiguration.
Organisations should keep the minimum information necessary. If eBay had not stored unnecessary information like dates of birth and addresses, the risk of identity theft after the attack would have been massively reduced. Secondly, 78% of the apps lacked sufficient code obfuscation.
Java source code is typically compiled into Java bytecode – the instruction set of the Java virtual machine. The compiled Java bytecode can be easily reverse-engineered back into source code by freely available decompilers. Bytecode Obfuscation is the process of modifying Java bytecode (executable or library) so that it is much harder to read and understand for a hacker but remains fully functional. Insufficient obfuscation might lead to threat actors decompiling or reverse-engineering the code.
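As an added example (not from the original article or the research it describes), the script below checks how much of a release build was actually renamed. It assumes the app is built with R8/ProGuard, whose `mapping.txt` records each class as `original -> obfuscated:`; the sample mapping and the `com.example.shop` package names are constructed, and renaming is only one aspect of obfuscation.

```python
import re

# Constructed sample of an R8/ProGuard mapping.txt (not from any real app).
SAMPLE_MAPPING = """\
# compiler: R8
com.example.shop.MainActivity -> com.example.shop.MainActivity:
    void onCreate(android.os.Bundle) -> onCreate
com.example.shop.auth.TokenStore -> a.a:
    java.lang.String refreshToken -> a
    void save(java.lang.String) -> a
com.example.shop.payments.CardValidator -> com.example.shop.payments.CardValidator:
    boolean luhn(java.lang.String) -> luhn
com.example.shop.net.ApiClient -> a.b:
    okhttp3.OkHttpClient client -> a
"""

# Class entries are unindented and end with ':'; member entries are indented.
CLASS_LINE = re.compile(r"^(\S+) -> (\S+):$")


def parse_classes(mapping_text):
    """Return {original_class: obfuscated_class} for every class entry."""
    classes = {}
    for line in mapping_text.splitlines():
        if not line or line[0].isspace() or line.startswith("#"):
            continue  # skip blanks, member lines and comments
        match = CLASS_LINE.match(line.strip())
        if match:
            classes[match.group(1)] = match.group(2)
    return classes


def obfuscation_report(mapping_text, sensitive_prefixes=()):
    """Summarise renaming coverage and list sensitive classes left readable."""
    classes = parse_classes(mapping_text)
    # A class whose name maps to itself was kept (for example by a -keep rule).
    kept = sorted(orig for orig, new in classes.items() if orig == new)
    ratio = (len(classes) - len(kept)) / len(classes) if classes else 0.0
    exposed = [c for c in kept if c.startswith(tuple(sensitive_prefixes))]
    return {"total": len(classes), "renamed_ratio": ratio,
            "kept": kept, "exposed_sensitive": exposed}


if __name__ == "__main__":
    # Hypothetical package prefixes the team considers sensitive.
    prefixes = ("com.example.shop.auth.", "com.example.shop.payments.")
    print(obfuscation_report(SAMPLE_MAPPING, prefixes))
```

Entry points such as activities are normally kept because the manifest references them by name; the useful signal is business-logic classes that stay readable because of an overly broad keep rule.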
Some mobile app security best practices can mitigate these risks. For example, mobile applications must be built to run in a hostile environment prone to frequent attacks. Given the widespread vulnerabilities detected in Indian Android apps, it's high time businesses adopted these mobile app security best practices.
To sum up, ensure your app complies with leading industry standards like OWASP (Open Web Application Security Project), PCI DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), and ISO:27001. This would enhance the security readiness of your app and strengthen trust among your customers.