70% of 130,000 financial apps have high-risk vulnerabilities

1. High-risk vulnerabilities, typified by data leakage

In this observation, 70.22% of financial industry apps were found to have high-risk vulnerabilities that attackers can use to steal user data, counterfeit apps, implant malicious programs, attack services, and so on, posing a serious threat to app security. The top three high-risk vulnerabilities all carry a risk of app data leakage.

2. Malicious program infection risk, typified by rogue behavior

In this observation, 8217 financial industry apps were detected as infected with malicious programs, an infection rate of 6.16%. The malicious behaviors mainly involve rogue behavior, information theft, malicious communication, tariff consumption, and remote control, all of which harm the personal privacy and property security of app users. Apps infected by rogue-behavior malicious programs account for the largest share, about 82.02%.

3. Security risks introduced by third-party SDKs

This observation found that 20.48% of financial industry apps embed third-party SDKs, with a total of 104005 embedded SDKs. Among the financial industry apps that embed SDKs, 45% embed 5 or more. Because third-party SDKs carry security risks of their own, such as covert collection of user information and vulnerabilities that are easily exploited by lawbreakers, financial industry apps that embed them also face certain security risks.

4. Privacy disclosure risk caused by illegal permission requests

In this observation, 12 typical financial industry apps with over 100 million downloads were selected for sampling analysis. The analysis found that many apps request permissions from users beyond the scope to varying degrees, and that their privacy policies contain many illegal practices, which creates hidden dangers for the security of users' personal privacy information. Once the personal privacy information of app users is leaked, the consequences are serious: harassing phone calls, information fraud, malicious marketing, online emotional fraud, and so on, all of which seriously damage the interests of app users.

5. Security risks exposed by insufficient security hardening

This observation found that only 17.08% of financial industry apps have been security-hardened; more than 80% of financial industry apps are "streaking" in the application market, without any security hardening. If an Android application written in Java is not hardened, its packaged APK file can easily be reverse-analyzed with decompiler tools, which exposes it to risk.