Worrying news in the cryptocurrency sector has recently surfaced regarding Android wallet apps. A recent report from the respected cyber security company High-Tech Bridge has found serious flaws in 90% of the Android crypto wallet apps it tested. This is naturally concerning news for anyone who uses them to store their Bitcoin or other forms of cryptocurrency.
Major flaws found in majority of wallet apps tested
In the report, High-Tech Bridge used a piece of software called Mobile X-Ray to scan 90 popular Android wallet apps from Google Play Store for common weaknesses. Mobile X-Ray has been specifically designed to perform static and dynamic analysis tests on apps along with behaviour testing for security purposes. The results found that the majority of apps tested were vulnerable to malicious attack due to their construction and processes.
Processes in apps a soft target
One area where cyber-criminals could exploit these kind of apps is via the processes contained within their operating systems. Nasty surprises like Android banking Trojans can find their way in as an automated part of an exploitation chain and do real damage. Other glaring errors in these kind of Android wallet apps for cryptocurrencies included a lack of robust encryption and hardcoded API keys or passwords.
App developers need to step up their efforts
What is perhaps most surprising about the findings from this report are the fact these malicious cyber-bugs and attacks are not new. Cyber-security experts have long been warning of the dangers they pose and how vital it is for apps to be built in a way that protects them.
With the recent outcome of this report though, it would seem that this is not being carried out by app developers. Indeed, it is not only the cryptocurrency sector where software or apps are vulnerable to cyber-crime. Other sectors such as banking and healthcare have also faced the same issues due to flaws in the security of what they are using. It would seem that security is not the top priority when Android apps are being developed which leaves them as a very tempting target for cyber-criminals.