Our detailed app findings come from the analysis of more than 400,000 apps published on the Google Play store. We evaluated these apps using NowSecure’s automated app security testing system. The scalable system allows us to test mobile applications for high-risk security and privacy problems including the sending of sensitive data without proper encryption. Each app is automatically tested on a physical device to reduce false positives and avoid instances where an app avoids executing functions because it detects that it is running on an emulator.
As part of our data-gathering and analysis, we have recorded distinct issues for each application. We classify these issues as high risk security flaws as they all expose data a malicious individual could use to gather private, sensitive information or monitor a user’s activity. Data leaks include information an attacker could obtain either over the network or directly from the device itself.
The following chart details the issues evaluated as part of this app security testing study.
Our automated app security testing system also allows us to gather metadata about an app including its category and number of downloads, which allowed us to filter and group the information as we have below.