5 Billion Android Apps Open to Hacking

3 min read
This story originally appeared on CNBC

Over five billion downloaded Android apps are vulnerable to being hacked, cybersecurity researchers have found, as attackers exploit flaws in Google's operating system.

Some 96 percent of malware -- or malicious software -- employed by hackers target Google Android, according to U.S. firm FireEye, which analysed more than 7 million mobile apps on Android and Apple iOS between January and October 2014.

Apps designed to steal financial data were especially popular, the researchers found. The open-source nature of Android allows hackers to find the code behind a popular app, they said, and recreate the app almost identically but with a malicious code to infect users.

"You can get all the code and then you can insert additional instructions and make it look and feel like the original app and no way for a consumer to tell the difference when they download it," Jason Steer, director of technology strategy at FireEye told CNBC by phone.

Google did not respond to a request from CNBC for comment.

Malware targeted at Google's operating system has surged from roughly 240,000 unique samples in 2013, to more than 390,000 unique samples in the first three quarters of 2014, according to the research.

Fireye said that one of Android's biggest vulnerabilities was the way in which its mobile apps communicate information back to servers. It found that much of this communication was unencrypted, leaving it open for hackers to intercept and insert malicious code that can infect end users.

Advertisements also left some app users exposed. Many apps use third-party advertising software to display ads and make money from users. But Steer said that such data collection was often "aggressive," and warned that sometimes the software communicates this data in an insecure way, leaving it open to hackers.

iOS vulnerabilities

It is not only Android apps that are vulnerable, however. Vulnerabilities in apps on iOS devices, once seen as very secure, were also identified.

Previously, hackers could only exploit jailbroken iOS devices with malicious apps. Jailbroken devices allow users to install apps not released through Apple's App Store. Now, FireEye's researchers said hackers were able to make malware that can attack a non-jailbroken device.

Apple did not respond to a request for comment.

Opportunistic hackers are also sidestepping Apple's app verification process.

App developers typically build and test an app in beta mode on Apple's iOS Developer Enterprise Program. It then goes through stringent tests by Apple for security before it is pushed out on the App Store.

But hackers are now creating apps through this program, then sending them to people via text messages or emails as a link. When a user clicks the link, the malicious app is downloaded on their device.

Steer said that because Apple devices have become so popular, hackers see them as a valuable target.

More from Entrepreneur

Grow Your Business at Entrepreneur LIVE! Join us on Nov. 16 in Brooklyn, NY, to learn from legends like Danica Patrick and Maria Sharapova, pitch our editors, meet with investors, and potentially walk away with funding!
Register here

One-on-one online sessions with our experts can help you start a business, grow your business, build your brand, fundraise and more.
Book Your Session

In as little as seven months, the Entrepreneur Authors program will turn your ideas and expertise into a professionally presented book.
Apply Now

Latest on Entrepreneur

My Queue

There are no Videos in your queue.

Click on the Add to next to any video to save to your queue.

There are no Articles in your queue.

Click on the Add to next to any article to save to your queue.

There are no Podcasts in your queue.

Click on the Add to next to any podcast episode to save to your queue.

You're not following any authors.

Click the Follow button on any author page to keep up with the latest content from your favorite authors.