The vast majority of mobile cryptocurrency wallets enough from the point of view of vulnerabilities and security.
To this conclusion came a company that deals with security issues in mobile devices Security Tech High-Tech Bridge, based on the analysis of more than 2000 app in Google Play. Of the top 30 crypto-currency applications, with the number of installations to 100 000, at least 93% contain at least three vulnerability “medium risk” and 90% contain at least two problems with a high level of risk.
Among the most downloaded apps numbers a little better, but not much. Ninety-four percent of applications with more than 500,000 installations contain at least three vulnerability “medium risk” and 77% have at least two vulnerabilities “high risk”.
The most common vulnerabilities according to the analysis include the “insecure data storage”, which means that access to sensitive information can be obtained by third parties, and “lack of cryptography”, which indicates that cryptography was implemented for data protection, but was used incorrectly.
In short, this means that the users of these applications may be at risk.
Ilya Kolochenko, CEO and founder of High-Tech Bridge:
Depending on application functionality, design and vulnerabilities possible a wide range of troubles, up to the leakage of confidential data and even theft of the wallet (the private key).
Unfortunately, I am not surprised by the results of the study.
Kolochenko attribute poor grades lack of attention to remove security in mobile application development.
For many years the company specializing in cyber security, as well as independent experts told the mobile app developers about the risks of “flexible” (agile) development, which usually do not require any frameworks to ensure secure design, secure coding and testing applications from a security point of view.
Users and developers can use a free tool to analyze security, Mobile X-Ray, which connects to mobile apps and allows you to detect weaknesses.
However, when it comes to security of funds, even the firm that conducted the study admits that the problems may be even more. In her analysis she concentrates on frontend and backend could not be less of a problem.