Slashdot Mirror


66 Percent of Popular Android Cryptocurrency Apps Don't Use Encryption (vice.com)

An anonymous reader shares a report: High-Tech Bridge used its free mobile app analysis software, called Mobile X-Ray, to peek under the hood of the top 30 cryptocurrency apps in the Google Play store at three different popularity levels: apps with up to 100,000 downloads, up to 500,000 downloads, and apps with more than 500,000 downloads. So, a total of 90 apps altogether. Of the most popular apps, 94 percent used outdated encryption, 66 percent didn't use HTTPS to encrypt user information in transit, 44 percent used hard-coded default passwords (stored in plain text in the code), and overall 94 percent of the most popular apps were found to have "at least three medium-risk vulnerabilities."

32 comments

  1. Oh great by DontBeAMoran · · Score: 2

    Here comes the wave of free software designed to keep you busy while it tries to steal your wallet key in the background.

    --
    #DeleteFacebook
    1. Re:Oh great by fisted · · Score: 2, Insightful

      Can we please avoid cryptocurrencies being shortened to just "crypto" in the mainstream? Pretty please?

    2. Re: Oh great by Anonymous Coward · · Score: 0

      Welcome to the world of shitware cobbled by shitty smelly H1B hindu-chimps.

    3. Re:Oh great by Anonymous Coward · · Score: 0

      no.

    4. Re:Oh great by Anonymous Coward · · Score: 0

      Done. This is /., not very mainstream.

    5. Re:Oh great by Anonymous Coward · · Score: 0

      The cryptocurrency scene is lousy with Windows users. They know of no other crypto.

    6. Re:Oh great by Anonymous Coward · · Score: 0

      If you want a secure wallet, use a Tails live distribution.

    7. Re:Oh great by Anonymous Coward · · Score: 0

      It would be pretty difficult to do that without people noticing it in the source code. There will probably be proprietary gratis apps that will do that though.

    8. Re:Oh great by fisted · · Score: 1

      You're sadly mistaken, or time traveling.

  2. The scam continues by Anonymous Coward · · Score: 0, Funny

    Welcome to another episode of Mutual Of Bromaha's Mild Kingdom! Today, we will be following another set of dumb easily hoodwinked techbros as they continue their headlong march into losing their life savings via the cryptocurrency fad. Wait what's that? Oh we are in for a treat today! Observe how some hilariously dumb "power users" have installed some laughably insecure software to their laughably insecure cell phones to manage their accounts. See how they ignorantly touch and swipe no doubt imagining in their tiny minds how many awesome loot crates they will be able to buy. Oh how delicious it is to watch these total fucking imbeciles all talk each other into believing this generation's penny stocks will set them up for life.

  3. BTC... yeah, I'll pass. by Anonymous Coward · · Score: 0

    Until bitcoin starts offering free miles, or rewards points, or cash back or something like that I can't fathom why anyone would use it. You're basically throwing money away. And that's ignoring the enormous security risk of losing it all.

    1. Re:BTC... yeah, I'll pass. by Baron_Yam · · Score: 1

      >Until bitcoin starts offering free miles, or rewards points, or cash back or something like that

      Or perhaps the ability to, you know, use it in common financial exchange scenarios?

      > I can't fathom why anyone would use it.

      The rapid increase in reported value on the exchanges, a few success stories, and greed outweighing common sense.

    2. Re:BTC... yeah, I'll pass. by slazzy · · Score: 1

      There are a few legal, important uses. Although the current price increases are making it less usable as a currency.

      --
      Website Just Down For Me? Find out
    3. Re:BTC... yeah, I'll pass. by Anonymous Coward · · Score: 0

      > ...I can't fathom why anyone would use it. You're basically throwing money away.

      Buying LSD with cash is difficult when you have no appropriate connections. Buying it with Bitcoin is easy. There are other examples.

      > ...that's ignoring the enormous security risk of losing it all.

      Nope. I keep it in the freezer.

    4. Re:BTC... yeah, I'll pass. by Anonymous Coward · · Score: 0

      There is no risk if all you do is try to win up to $200 worth of Bitcoin every hour, FOR FREE!

    5. Re: BTC... yeah, I'll pass. by Anonymous Coward · · Score: 0

      Creimer affiliate spam, mod down.

    6. Re:BTC... yeah, I'll pass. by reanjr · · Score: 1

      The IRS is not helping. Tracking capital gains when you purchase a stick of gum is insane.

  4. Here is a sad truth about modern software ... by Anonymous Coward · · Score: 0

    > Of the most popular apps, 94 percent used outdated encryption, 66 percent didn't use HTTPS to encrypt user information in transit, 44 percent used hard-coded default passwords (stored in plain text in the code), and overall 94 percent of the most popular apps were found to have "at least three medium-risk vulnerabilities"

    Sadly, this sums up some very sad realities about modern software, especially apps for mobile phones: it's complete fucking crap.

    More specifically, it's put together by lazy and incompetent people, who are managed by idiots and greedy assholes who just want a product out the door, who are more concerned with ad revenue than any actual quality, and who have neither the time, inclination, or skillset to write solid robust code.

    The "app economy" creates what are essentially fly by night companies who rush products out the door to get into the market space. They don't care about security, they care about revenue. They just want to push some piece of crap out the door which is part of the latest fad, they want ad revenue and analytics data they can sell for revenue ... and if that involves shortcuts, sneaky stuff to spy on you, and shit code written by idiots, so be it.

    Mobile apps are the new gold rush, and as a result you get a fairly large amount of shady products. That we're all apparently shocked by this is pathetic. That people are entrusting currency to this shit is hilarious.

    Honestly, I've given up on apps. I've stopped looking for apps. The overwhelming majority are useless garbage and clones of other stuff; I've never seen any indication I'd entrust an app with something which spends like cash.

    1. Re: Here is a sad truth about modern software ... by Anonymous Coward · · Score: 0

      Apps don't like you either.

    2. Re:Here is a sad truth about modern software ... by ctilsie242 · · Score: 1

      I think you hit the nail on the head. There are very few apps that have been maintained over the years. Most games, like the good tower defense ones (before IAP destroyed the gaming genre), likely won't work on new machines (especially on iOS 11, where none of the older, 32-bit stuff will work).

      For the most part, app developers don't give a flying fuck about security. They want to get their product stuffed into iTunes Connect or Google Play as soon as possible, security be damned. Plus, if their product craters and people lose all their cryptocurrency, it won't be the app company who will be responsible.

      Good wallet programs are almost impossible to find.

    3. Re:Here is a sad truth about modern software ... by Anonymous Coward · · Score: 0

      For the Android platform, the only apps I almost trust can be found on FDroid.

      For the iOS platform, I've concluded that no apps are trustworthy.

  5. Article is largely useless by alchemistcook · · Score: 1

    Names not one single name.

    1. Re:Article is largely useless by Anonymous Coward · · Score: 0

      Took a 200 billion dollar company almost 5 years before HTTPSing their store traffic... not sure why it's surprising nobody else has.

  6. mod "no" up by Anonymous Coward · · Score: 0

    ship sailed

  7. Re: Isn't it ironic... by Anonymous Coward · · Score: 0

    Alanis Morissette, is that you?

    Where have you gone?

  8. What is by fredrated · · Score: 1

    a cryptocurrency app?

    1. Re:What is by FFOMelchior · · Score: 1

      An app that both synergizes with the fog computing ecosystem to leverage AI deep-learning and pivot the IOT into a user-managed scalable silo paradigm.

    2. Re:What is by fredrated · · Score: 1

      Sounds like a must-have!

  9. The useful information from this would be... by Anonymous Coward · · Score: 0

    Yeah yeah, random software is badly written, full of bugs and made by people with hardly a clue what they are doing. No surprise there.

    But there would have been one piece of information that would have made this article positive and worth reading:

    What are those 6% of apps that do it right? Which of those go beyond what should be minimum security?