Security Vulnerabilities Found in Over 60% of Android Apps

In total, 44% of these Android app vulnerabilities were marked as high-risk

When application code contains a mistake left by a developer, it can lead to security issues. Those issues are a target for criminal activity, which may compromise your personal data and information.

Data collected by the Atlas VPN team indicates that 63% of Android apps had known security vulnerabilities in Q1 of 2021. Among that percentage, an average of 39 vulnerabilities was present per app, and financial and gaming apps had the most vulnerabilities.

These figures come from the Synopsys Cybersecurity Research Center’s (CyRC) “Peril in a Pandemic: The State of Mobile Application Security” report. In the report, the CyRC analyzed the security of open-source software components found in 3,335 free and paid Google Play Store mobile applications in Q1 of 2021. The apps came from 18 of the most popular app categories during the pandemic, with 98% containing open-source components.

Gaming and Financial Apps The Hardest Hit

Of all the apps, free gaming apps topped the list, with a staggering 96% containing vulnerable components. In addition to the free gaming apps, 94% of the top-grossing gaming apps and 80% of the top paid gaming apps also had vulnerability issues.

The second most vulnerable category was financial apps. Even though handling sensitive personal data requires a high level of security, 88% of banking apps, 84% of budgeting apps, and 80% of payment apps had security vulnerabilities.

The top-grossing and top free apps had significant levels of vulnerability, but both were lower than the general average of 63%. Vulnerabilities were seen in 61% of the top-grossing apps and in 59% of the top free apps.

The remaining categories that experienced vulnerabilities were as follows:

  • 58% in productivity apps
  • 57% in educational apps
  • 56% in teacher apps
  • 55% in entertainment apps

In Q1 of 2021, 3,137 unique vulnerabilities were found, appearing more than 82,000 times across the Android apps. Around 73% of these vulnerabilities were initially disclosed more than two years ago. As the first quarter of the year rolled on, these vulnerabilities were still present in Android apps.

Available Fixes to These Vulnerabilities

Of all the apps under threat, educational apps experienced the highest level. Even though some of these vulnerabilities may be considered minor and not pose any real threat to the device, other vulnerabilities can become serious problems.

On Android, educational apps had the highest number of exploitable vulnerabilities during the first quarter of 2021, with a total of 43%. Productivity and banking apps came next, with 41% and 39% respectively.

Gaming apps suffered the most: 6% of the vulnerabilities in these apps had no fixes available. Following closely behind gaming apps were budgeting and banking apps, each with 5% of vulnerabilities having no fixes.

The Level of Threat

In total, 44% of these Android app vulnerabilities were marked as high-risk, meaning that the vulnerabilities posed a tangible threat to the app. Within this category of high-risk vulnerabilities, 1% involved Remote Code Execution (RCE). RCE occurs when an attacker executes code of their choosing, with certain system-level privileges, on servers affected by that specific issue.

Although the report revealed that 94% of these vulnerabilities have publicly documented fixes, 6% still had no known solution. Because most companies still use open-source components to create these mobile apps, they must address these issues. With millions of Google Play apps being downloaded, it is apparent that there will still be a security issue for Android users.