A report by app security company AppVigil suggests that 98% of the top 50 ecommerce apps in India are vulnerable and open to attack.
The company scanned all 50 apps, drawn from across domains, and found a total of 1243 security vulnerabilities. While a large share of the apps have a low count of vulnerabilities, a significant number still have more than 50 vulnerabilities each.
Of the 1243 vulnerabilities identified, the company found the highest instances of WMITM (36%) and WIP – Improper Component Permissions (25%). Both fall under High severity and can have a deep impact when exploited by attackers.
About the testing process (as shared by the company): All the apps went through stringent analysis on AppVigil: static, dynamic and network analysis. In static analysis, the bytecode structure of the app was studied to look for any vulnerable connections and patterns. In dynamic analysis, the runtime behavior of the apps was tested for vulnerabilities in an emulated hacking environment. The active component of dynamic analysis injects attack vectors to test how the app reacts in the case of a hack. In network analysis, all the network calls (API) between the Android app (client) and the remote server were monitored.
The entire process was completely automated.