High-Tech Bridge: 90% of cryptocurrency Android apps we studied are vulnerable
The security company High-Tech Bridge has finished its review of applications on Google Play (previously known as Android Market) and has come to conclusions that might make one reconsider the list of apps on one's phone. It turns out that most apps contain at least medium-risk issues. This should primarily concern people who use mobile clients for their Bitcoin wallets. Maybe it is better, after all, to use only the website, a computer wallet program or a hardware wallet, without downloading wallet clients.
Security issues also include the fact that 77% of applications with up to 500,000 installations were still using SSLv3 or TLS 1.0, which are banned by PCI DSS, and that 100% of the 30 reviewed apps with over 500,000 installations didn't have any protection against reverse engineering. This is very bad news for those who thought that a large number of installations and good comments necessarily guarantee good software.
Another issue was recently spotted by an employee of Trend Micro Incorporated. Malefactors can publish an app that is good at first, but then update it with malicious code that turns the mobile device into a hidden mining device, spending its resources to enrich hackers.