A recent research has found the vast majority of mobile crypto currency wallet apps employ poor security. The San Francisco based security firm High-Tech Bridge analyzed more than 2,000 crypto mobile apps on Google Play.
93% of the first 30 crypto apps with over 100,000 total installations had at least three "medium-risk" vulnerabilities in addition to 90% having at least two "high-risk" issues. The most downloaded digital currency wallet apps, with over 500,000 installations, the numbers are slightly better. Ninety-four percent of these apps had at least three "medium-risk" vulnerabilities while 77% contained at least two high-risk vulnerabilities.
According to the analysis, the most common vulnerability was "insecure data storage" which means private information can be compromised. "Insufficient cryptography" was another major vulnerability found which indicates some form of cryptography was implemented to prevent data leak but was used incorrectly.
Ilia Kolochenko, CEO and founder of High-Tech Bridge, said that a wide spectrum of nuisances is possible depending on the application functionality, design and vulnerabilities. He added that sensitive data such as the wallet (private key) could be compromised and there's plenty that can go wrong when it comes to securing funds digitally.
The tech firms imply that its own research does not go far. Sometimes, only the frontend of the apps is looked at and there could be other problems in the backend. For many years, cyber security companies and independent experts have been notifying mobile app developers about the risks of 'agile' development which usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing.
The total cryptocurrency market cap has recently crossed the $300 billion threshold for the first time. In the past week alone, the total virtual currency market cap has grown by more than $60 billion.