90% of Crypto Mobile Apps 'In Trouble,' Security Report Claims

A new report suggests mobile wallets catering to the cryptocurrency market may not be as secure as consumers would like.

Nov 29, 2017 at 4:55 a.m. UTC
Updated Sep 13, 2021 at 7:12 a.m. UTC

The vast majority of mobile cryptocurrency wallet apps employ poor security.

Or so claims new research from San Francisco security firm High-Tech Bridge based on an analysis of more than 2,000 apps on Google Play. Of the first 30 crypto apps with up to 100,000 total installations, 93 percent contain at least three "medium-risk" vulnerabilities and 90 percent contain at least two "high-risk" issues.

Among the most-downloaded apps, the numbers are a little better, but not by much. Ninety-four percent of apps with over 500,000 installations contain at least three "medium-risk" vulnerabilities and 77 percent contain at least two high-risk vulnerabilities.

The most common vulnerabilities, according to the analysis, include "insecure data storage," which means information that should be private can leak unintentionally, and "insufficient cryptography," which indicates some form of cryptography was implemented to shield data, but was used incorrectly.

In short, this means users might be at risk.

"Depending on the application functionality, design and vulnerabilities, a wide spectrum of nuisances is possible, up to sensitive data and even the wallet (private key) theft," said Ilia Kolochenko, CEO and founder of High-Tech Bridge.

He added:

"Unfortunately, I am not surprised with the outcomes of the research."

Kolochenko attributes the poor scores to a lack of emphasis on security across mobile development.

"For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of 'agile' development that usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing," he added.

Users and developers can use the company's free security analysis tool, Mobile X-Ray, to plug in mobile apps and see the vulnerabilities for themselves.

However, when it comes to securing funds, there's plenty that can go wrong. The tech firm implies that its own research doesn't go far enough. Its analysis, for instance, only looks at the frontend of the apps, and there could be other problems in the backend.

The report remarks: "This is just the tip of the iceberg."



