The vast majority of Android mobile apps available on the official Google Play Store that are meant for the management of cryptocurrencies are vulnerable to the most common and well-known vulnerabilities, according to a report published today by Swiss cyber-security firm High-Tech Bridge.
The report was put together by scanning the most popular cryptocurrency management apps using Mobile X-Ray, a free web-based mobile app scanner that launched this month.
Mobile X-Ray performs a combination of static and dynamic analysis tests, along with simple behavior testing for privacy and malicious functionality.
Over 90% of all scanned apps were vulnerable
High-Tech Bridge researchers used Mobile X-Ray to scan 90 popular Android apps for common vulnerabilities and various weaknesses and say that over 90% of all apps "may be in trouble."
Some of these flaws can be automated as part of exploitation chains included with Android banking trojans. With Bitcoin and various other cryptocurrencies reaching all-time high trading prices, the flaws in these apps expose users to theft and other financial fraud.
Apps featured well-known vulnerabilities, included hardcoded API keys and passwords, did not use encryption, and were vulnerable to MitM attacks.