Just like consumers are focusing more on mobile gadgets with each passing year, so are hackers. After all, your smartphone or tablet potentially contains browsing history, banking information, location history, text messages, photos and plenty more hackers can use to steal your identity and money.
Plus, from the hacker's perspective, mobile gadget security isn't quite as advanced as computer security. While gadgets' built-in mobile security continues to improve, a lot of relies on keeping malicious apps out of the various app stores. Unfortunately, that doesn't always work so well.
Hackers still do slip malicious apps into legitimate app stores. Plus, on Android, which can install apps from any source, there are plenty of third-party app stores just teeming with malicious apps. Hackers can even trick you into installing a malicious app from a text message. Learn how to avoid this attack.
In addition to malicious apps, there are a lot of legitimate apps out there that have flaws hackers can exploit. Because apps are so easy to make, a lot of app developers don't have a background in security and don't even think about it. Or they use code libraries that have flaws already in them. That's what happened with the Android Stagefright flaw and its siblings.
So it isn't a surprise that in its Cyber Risk Report for 2016, Hewlett Packard Enterprise found that 75% of the mobile apps it scanned contained a "critical or high-severity" vulnerability. Now, that doesn't automatically mean 75% of apps out there are malicious or you should uninstall three-quarters of the apps on your phone.
In fact, HPE doesn't say if it only scanned apps from official app stores, or included third-party app stores as well. If it was the latter, then many of the apps it scanned probably aren't even in the official apps stores.
Either way, before that 75% number makes you panic, it helps to know what HPE means when it says "critical or high-severity vulnerability."