In 2025, AppSec Solutions experts discovered 48.8 thousand vulnerabilities in popular mobile applications from Russian developers. This is 63% more than the previous year. The audit covered over 1.2 thousand Android applications and was conducted using the "black box" method – without access to the source code.
According to the study, 84% of applications contain high or critical level vulnerabilities. There were over 19 thousand critical problems alone. Most often, risks are associated with insecure storage of tokens, keys, and user data. Vulnerabilities that could allow access to confidential information were found in 75% of applications.
The most problems were identified in games, streaming services, financial applications, business software, and media. Risks in the financial sector increased particularly sharply: over three years, the number of the most dangerous vulnerabilities there increased almost 10-fold, reaching 1921 cases.
Experts attribute the increase in threats to the growing complexity of applications, a large number of third-party libraries, SDKs, and cloud integrations. An additional factor was AI-generated code: neural networks accelerate development but can introduce outdated and insecure patterns into projects. According to GK "Solar", popular language models miss 40% to 50% of code vulnerabilities.
The problem is exacerbated by a shortage of AppSec specialists and the race to release new features quickly. AppSec Solutions expects the number of vulnerabilities to continue to grow in 2026. According to experts, the trend can only be reversed through systemic security: regular audits, control of third-party components, secure key storage, and embedding protection directly into the development process.