The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. The study targeted the most-downloaded and highest-grossing apps across 18 categories, many of which have seen explosive growth during the pandemic. The research focused on three core areas of mobile app security:
- Vulnerabilities: The presence of known software vulnerabilities in the applications’ open source components
- Information leakage: Sensitive data such as private keys, tokens, and passwords exposed in the application code
- Mobile device permissions: Applications requiring excessive access to mobile device data and features
The analysis reveals that the majority of apps contain open source components with known security vulnerabilities. It also highlights other pervasive security concerns, including myriad pieces of potentially sensitive data exposed in the application code and the use of excessive mobile device permissions.
For consumers, this report highlights the jarring reality that even the most popular mobile apps are not immune to security and privacy weaknesses and should not be trusted implicitly. For app developers, this underscores the urgent need for secure software development practices and better overall privacy and security hygiene.
Peril in a Pandemic: The State of Mobile Application Security
In this challenging time, limitations driven by social distancing and lockdowns have moved the world online in remarkable ways, perhaps forever changing the way we work, learn, and interact. Society has quickly adapted, making resources traditionally available only in the physical world accessible virtually. The result is a culture increasingly reliant on mobile applications to conduct daily activities.
Through the lens of the COVID-19 pandemic, the Synopsys Cybersecurity Research Center (CyRC) set out to explore the state of application security in this increasingly application-driven world. It boiled its analysis down to two key questions:
- Are popular mobile applications reasonably secure, or do they represent low-hanging fruit for attackers?
- Do app developers prioritize security and privacy when determining which device permissions and data their applications can access?
Download the report to find out more.