Security a Major Issue in Most Crypto Mobile Apps

Security issues continue to hound majority of mobile cryptocurrency wallet apps.

The vast majority of mobile cryptocurrency wallet apps employ poor security.

San Francisco security company High-Tech Bridge made the claims in their recent research that analyzed over 2,000 apps on Google Play.

From the first 30 crypto apps with up to 100,000 total installations, 93% contain at least three "medium-risk" vulnerabilities.

90% also contain at least two "high-risk" issues.

Of the most-downloaded apps, the numbers improved a little but not by much.

94% of apps with over 500,000 installations have at least three "medium-risk" vulnerabilities and 77% have at least two high-risk vulnerabilities.

The analysis uncovered that the most common vulnerabilities include "insecure data storage," which means information can leak unintentionally.

Another is "insufficient cryptography," which shows some form of cryptography was applied to shield data, but was done incorrectly.

In simple terms, this means users might be at risk.

"Depending on the application functionality, design and vulnerabilities, a wide spectrum of nuisances is possible, up to sensitive data and even the wallet (private key) theft," said Ilia Kolochenko, CEO and founder of High-Tech Bridge.

"Unfortunately, I am not surprised with the outcomes of the research," he added.

Kolochenko blames the poor ratings to a lack of focus on security across mobile development.

"For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of 'agile' development that usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing," he explained.

Users and developers can utilize the company's free security analysis tool, Mobile X-Ray, to plug in mobile apps.

They can also take a look at the vulnerabilities for themselves.

However, when it comes to securing funds, there's a lot that can go wrong.

The tech firm admits that its work is not as far-reaching.

Its analysis, for example, only examines the frontend of the apps when there could be other issues in the backend.

"This is just the tip of the iceberg," the report said.
Click here for more information about bitcoin

Leave a Reply

Your email address will not be published. Required fields are marked *