Over 60% of Android apps contain security vulnerabilities, with the average number of bugs per-app totaling a whopping 39 vulnerabilities. These figures are based on data presented by Atlas VPN, and data based on a report by CyRC, which analyzed the security of open-source software components of 3,335 free and paid mobile applications on the Google Play store as of Q1 2021.
Predictably, the category of top-free games was the worst, where 96% were found to contain vulnerable components. Following closely behind were top-grossing games and top-paid games.
And some of these bugs are old.
"All in all, 3,137 unique vulnerabilities were found in Q1 2021 that appeared more than 82,000 times across Android apps," the report states. "A total of 73% of vulnerabilities had been first disclosed more than two years ago. However, they were still present in Android apps in the first quarter of this year."
While it's easy to focus on games, educational, banking, and productivity apps are also a toxic hellstew of vulnerabilities. What makes it worse is that most of these bugs are fixable, if the developers cared to do an audit.
"Educational apps had the highest number of exploitable Android vulnerabilities with possible fixes as of the first quarter of 2021-- 43 percent. Meanwhile, productivity and banking apps occupied the second and third spots in the list. They contained 41 percent and 39 percent of such vulnerabilities, respectively."
Is this a problem? Yes, says Atlas VPN, which says that "given that the Google Play store applications have been downloaded millions of times, it is safe to say they pose significant security risks to Android users."