Above 60 Percent Of iOS apps found with security gaps

Passwords, photos, payment data – all of this is practically unprotected on the net with many iOS apps. Security researchers have now uncovered how massive developers of apps for Apple devices violate elementary protective measures.

Alarming security gaps in the App Store

A new examination throws a bad light on the safety of iOS apps. Despite Apple’s strict controls, more than two thirds of the applications analyzed during a large investigation have critical weaknesses – more precisely 71 percent. On average, each app reveals more than five sensitive data records that could potentially be misused by attackers.

The research team of Cybernews In his analysis of 156,000 iOS apps, could find far -reaching problems – that is about 8 percent of all apps in the Apple Store. “Many iOS developers make it too easy hackers,” warns security researcher Aras Nazarovas. API key and database access were often unencrypted in the program code.

To put it simply, it is as if you are hiding the house key under the floor mat on the door. An attacker only has to look to receive unhindered access. Secret data should never be firmly anchored in the code of an app. Cybernew’s security researcher

Weaknesses in detail

The so -called “Storage Buckets” – cloud storage locations for user data such as images and documents are particularly problematic. At 78,343 apps, the researchers found corresponding access data in the source code. Another 42,000 applications contained unprotected database URLs, through which attackers could potentially access emails and passwords.

The investigation shows that developers often violate basic security principles. Instead of storing access data in protected environment variables or encrypted configuration files, you are embedded directly in the app code. This practice makes it easy for attackers to get sensitive information by simply decompiling the apps. Particularly critical: With at least 836 apps, the cloud memory were completely unprotected.

The researchers found over 76 billion exposed files with a total volume of more than 406 terabytes. These included highly sensitive data such as user registrations and app protocols. But it is even worse: 19 of the apps contained stripe keys for payment processing. “With these, attackers could trigger payments and reimbursements and access the billing addresses, names and payment information,” explains Nazarovas.

Protection measures for users

For app users, it is practically impossible to check the safety of an application itself. Experts therefore recommend:

Only install apps from established developers
Limit app permissions to the most necessary
Reservation when entering personal data
Regular review and deletion of unused apps

Significant iOS security gaps

2015 XCODEGHOST: Malware in iOS apps on manipulated Xcode versions that sent user data to servers in China
2015 Freak Attack: Vulnerability in SSL/TLS encryption, which made it possible to decipher HTTPS compounds
2018 Specter & Meltdown: Safety gaps in hardware processors, which could extract information from the memory by speculative execution
2019 Checkm8: An “unpatchable” bootrome security gap that affected iPhones from 4S to X and enabled extended opportunities for jailbreaking
2021 Zero-Day Exploits: Webkit weak spots, which made remote code design possible without user interaction and were patched with iOS 14.5