Mobile apps are now being targeted by cybercriminals. In fact, a study of the top 100 paid mobile apps on iOS and Android platforms revealed startling information: 100% of the Google Android apps and more than 90% of iOS apps had been hacked at one point in time.
A bug found in one popular mobile app led to credential stealing. That gave the bad guys access to some online banking, Netflix, and Amazon passwords. Another mobile app let cybercriminals steal cryptocurrency by using hacked apps on unsuspecting user’s phones. An injection of malware spoofed apps, including Signal, to steal identities and chats. Here is a short list of popular apps that are at an increased risk of being a hacker.
Even the largest companies in the world have been hit. Hackers figured out how to take over your phone using WhatsApp. This exploit allowed them to spy on people, activate the phone’s camera and microphone, and do mischief.
Nearly half a million people that use Facebook had their data exposed, including user IDs, friends, photos, locations, and 22,000 passwords.
A breach of MyFitnessPal affected more than 150 million users of Under Armour’s fitness app. Many fitness apps, which stores personal health data, are vulnerable to attack. A study by the Citizen Lab at the Munk School of Global Affairs at the University of Toronto tested a number of fitness apps and found the potential for abuse. Garmin, Fitbit, Mio Fuse, Pulse O2, and Xiaomi Mi Band all transmit over Bluetooth with uniquely identifiable codes. These codes can be captured and tracked.
In an effort to find the right match, people put tons of personal info into dating apps. However, a recent investigation by ProPrivacy.com found that many of the most popular dating apps are not only owned by the same company, InterActiveCorp (IAC) but share information with third-party vendors and advertisers in order to provide targeted advertisements. Additionally, when users sign up for apps like eHarmony, OkCupid and Tinder, they agree to give away personal data and profile pictures that can be distributed and published on other sites the parent company owns. Even “private” conversations between two users can be used or published if the company wishes.
In addition to actively using user data or selling it to advertisers, dating apps have also been hacked by outsiders. Dating app Coffee Meets Bagels recently sent emails to six million users to let them know that an unauthorized party had access to names and email addresses.
Mobile app Glow helps women track their menstrual cycles and fertility. Users record personal information, including medications and intimate physical details. A Consumer Reports test revealed vulnerabilities that could allow hackers to access email addresses, passwords, and access personal info.
It seems just about every restaurant, hotel, credit card, and grocery store offer rewards for loyal customers. Give your personal info, let them track your shopping habits, and you get discounts or points that can be redeemed for gifts or money. These companies, however, often aggregate and sell this data. It’s used for targeted advertising and other reasons.
The data is used in ways customers are uncomfortable with. Target, for example, was able to track product purchases and identified a series of products that, when bought together, indicate a woman is likely pregnant. The company then would send mail offers to homes. In one case, it sent offers to a high school girl, who it turned out was pregnant but hadn’t known.