[Owasp-leaders] OWASP Mobile Top Ten 2014 - M10 Datapoints

Jonathan Carter jonathan.carter at owasp.org
Tue Nov 4 20:52:29 UTC 2014


Hi Everyone,

At the request of many people, I'm including sanitized data behind the M10
finding for OWASP Mobile Top Ten 2014. The sanitized data shows the
prevalence of binary-hacks against mobile apps and the prevalence of the
issue of reverse engineering / integrity violation.

Here are many other, independent studies on the risks / prevalence of
reverse engineering / binary attacks that were used by the group as
datapoints for M10:

Tech Crunch: Developer Spams Google Play With RipOffs of Well-Known Apps…
Again
<http://techcrunch.com/2014/01/02/developer-spams-google-play-with-ripoffs-of-well-known-apps-again/>,
January 2 2014: *“It’s not uncommon to search the Google Play app store and
find a number of knock-off or “fake” apps aiming to trick unsuspecting
searchers into downloading them over the real thing.”*

Tech Hive: Apple Pulls Ripoff Apps from its Walled Garden
<http://www.techhive.com/article/249310/apple_pulls_ripoff_apps_from_its_walled_garden.html>, Feb
4th, 2012:
*“While Apple is known for screening apps before they are allowed to sprout
up in its walled garden, clearly fake apps do get in. Once they do, getting
them out depends on developers who raise a fuss.”*

Extreme Tech: Chinese App Store Offers Pirated iOS Apps Without the Need To
Jailbreak
<http://www.extremetech.com/mobile/153849-chinese-app-store-offers-pirated-ios-apps-without-the-need-to-jailbreak>,
April 19 2013:
*“The site offers apps for free that would otherwise cost money, including
big-name titles.”*

Software Development Times: More than 5,000 apps in the Google Play Store
are copied APKs, or 'thief-ware' <http://sdt.bz/66393#ixzz2sHa7dFMp>,
November 20 2013: *“In most cases, the 2,140 copycat developers that were
found reassembled the apps almost identically, adding new advertising SDKs
to siphon profits away from the original developers.”*
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Mobile Top Ten 2014 - M10 Sample Data.zip
Type: application/zip
Size: 230247 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141104/bb6f7451/attachment-0001.zip>

