Cybersecurity specialists from the Russian company AppSec Solutions have discovered approximately 2,000 vulnerabilities in popular communication and dating applications. Around 350 of these are classified as high-risk. About 17% were critical, that is, one in six.
The analysis was conducted using the AppSec.Sting service on mobile applications in the "communication and networking" category.
The most dangerous vulnerabilities are related to storing confidential information in plain text. For example, 22 applications contained passwords and tokens in open source code, which significantly simplifies the task for hackers. Additionally, some software contains databases that are writeable, which can also pose a danger.
Communication and dating applications most often encounter vulnerabilities related to the storage and processing of sensitive user data. One of the most common problems is saving passwords, tokens, and access keys in plain text, including directly in the source code, in a private directory, or in external configuration services.
The study tested 100 popular applications, including messengers and dating services.