Code alterations more prevalent in Android apps than iOS
57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai.
The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments (76%) than iOS apps (55%). Android apps are also more likely (28%) to be run with modified code than iOS apps (6%).
“There were a staggering 100 billion mobile app downloads in 2021 alone. Between curious actors and threat actors, the reasons and motivations for attacks on any app are varied and increasing,” said Greg Ellis, GM, Application Security, Digital.ai.
“In lucrative industries such as gaming and financial services, there is money to be made and desirable ‘street cred’ from hacking games. Our customers have determined that building security into their apps is the best way to prevent attacks on their apps,” added Ellis.
AI-code assist tools accelerate app development
A confluence of factors helps to explain the high likelihood of an attack in 2023:
The pace of tool democratization among threat actors has accelerated. Reverse-engineering tools such as Ghidra and dynamic instrumentation toolkits such as Frida have recently become more sophisticated and popular.
The advent of cryptocurrencies and P2P payment apps makes it much easier for threat actors to “cash out” of schemes, particularly if ransomware is involved.
The nationalization of attacks has opened up enormous resources for threat actors.
“Application owners know all too well the pressures of creating more apps, faster, especially with the addition of AI-code assist tools,” said Derek Holt, CEO, Digital.ai. “This leads to security getting short-changed; it is often not included in the DevOps process or it is seen as an impediment without an obvious starting point.”
Cybercriminals profit from pirated games
After analyzing results from multiple industry sectors, the study found that gaming apps (63%) and FinServ apps (62%) are the most likely to be attacked. The stakes are high in the $250 billion gaming industry.
Selling pirated games in grey-market app stores such as Cydia can give hackers direct income. In addition, money can be made in the micro-economies that popular games create and foster. Those who crack the most protected games are often hailed within the gaming community and are considered worthy of respect.
Apps outside of FinServ and gaming – such as implantable medical devices, Bluetooth-connected phone apps, retail, and more – have a 54% chance of being attacked.