Are Cryptocurrency Apps as Secure as They Say They Are?

December 15, 2017 - 3 minutes read

Cybersecurity remains a hot topic in the tech community, as there seems to be no shortage of new flaws or hacks being uncovered. This edition of Dogtown Media News focuses on current security troubles with cryptocurrency apps.

In the Fintech categories of iOS and Android apps, cryptocurrency apps are beginning to fill the top spots. With blockchain app development often used to secure the backend, many users feel safe using these apps to dip their feet into Bitcoin investing. But new research may make them think twice.

A Lack of Cryptocybersecurity

That’s a mouthful, isn’t it?

It’s widely assumed that a mobile app dealing with cryptocurrencies is automatically secure. Two-factor authentication and various cold storage techniques used by cryptocurrency exchanges promise privacy. But just because you’re working with anonymous, private transactions doesn’t necessarily mean that your app is secure. And that’s a difficult concept for a lot of consumers to wrap their head around.

High-Tech Bridge recently released an in-depth report detailing exactly how deep these cybersecurity flaws run. More than 90% of the most popular cryptocurrency apps on the Google Play store display common vulnerabilities and weaknesses. CEO of High-Tech Bridge, Ilia Kolochenko, explains, “Weakness in a mobile application may lead to a breach of the mobile device or its data, while a vulnerable API on the backend – may allow attackers to steal the integrity of users’ data.”

On an optimistic note, the data suggests that cryptocurrency apps with more downloads make a bigger effort towards cybersecurity. For example, 80% of the first 30 apps with up to 100,000 installs were sending potentially sensitive data without any encryption over HTTP. That number dropped to 37% for the first 30 apps with 500,000 installs. 93% of the top 30 apps with 100,000 installs had at least three medium-risk vulnerabilities. That fell to 66% of the top 30 apps with 500,000 installs.

Focusing More on Security Going Forward

“Unfortunately, I am not surprised with the outcomes of the research,” Kolochenko said of the results. “For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of ‘agile’ development.”

Kolochenko explains how mobile app developers can address these security flaws: “A mobile app usually contains much less exploitable vulnerabilities than its backend. To minimize security vulnerabilities and weaknesses in mobile applications, developers should carefully plan and rigorously implement security and privacy from the early stages of development.”

It’s much more cost-effective to pay upfront in time and money for security, testing, and debugging than trying to patch things up when you’ve got 500,000 users. Cybersecurity is a cornerstone of strong mobile app development, and all developers should incorporate security into their timeline much earlier in the production cycle. A great mobile app experience is just as much about making your users feel safe as it is about giving them the future at their fingertips.

Tags: , , , , , , , , , , , , , , , , , , , , , , ,