Share this article
90% of Crypto Mobile Apps 'In Trouble,' Security Report Claims
A new report suggests mobile wallets catering to the cryptocurrency market may not be as secure as consumers may desire.
Updated Dec 10, 2022, 8:20 p.m. Published Nov 29, 2017, 4:55 a.m.
The vast majority of mobile cryptocurrency wallet apps employ poor security.
Or so claims new researchhttps://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html from San Francisco security firm High-Tech Bridge based on an analysis of more than 2,000 apps on Google Play. Of the first 30 crypto apps with up to 100,000 total installations, 93 percent contain at least three "medium-risk" vulnerabilities and 90 percent contain at least two "high-risk" issues.
STORY CONTINUES BELOW
Don't miss another story.Subscribe to the Crypto Daybook Americas Newsletter today. See all newsletters
Among the most-downloaded apps, the numbers are a little better, but not by much. Ninety-four percent of apps with over 500,000 installations contain at least three "medium-risk" vulnerabilities and 77 percent contain at least two high-risk vulnerabilities.
The most common vulnerabilities, according to the analysis, include "insecure data storage," which means information that should be private can leak unintentionally, and "insufficient cryptography," which indicates some form of cryptography was implemented to shield data, but was used incorrectly.
In short, this means users might be at risk.
"Depending on the application functionality, design and vulnerabilities, a wide spectrum of nuisances is possible, up to sensitive data and even the wallet (private key) theft," said Ilia Kolochenko, CEO and founder of High-Tech Bridge.
He added:
"Unfortunately, I am not surprised with the outcomes of the research."
Kolochenko attributes the poor scores to a lack of emphasis on security across mobile development.
"For many years, cybersecurity companies and independent experts were notifying mobile app developers about the risks of 'agile' development that usually imply no framework to assure secure design, secure coding and hardening techniques or application security testing," he added.
Users and developers can use the company's free security analysis tool, Mobile X-Rayhttps://www.htbridge.com/mobile/, to plug in mobile apps and see the vulnerabilities for themselves.
However, when it comes to securing funds, there's plenty that can go wrong. The tech firm implies that its own research doesn't go far enough. Its analysis, for instance, only looks at the frontend of the apps, and there could be other problems in the backend.
The report remarks: "This is just the tip of the iceberg."
Broken lock image via Shutterstock
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
Bitcoin's massive underperformance to stocks in Q4 bodes well for January, says K33's Lunde
After an active morning Tuesday, bitcoin flattened out in afternoon trading around the $87,500 area, up 2% over the past 24 hours.
What to know:
- Bitcoin held in the $87,500 in U.S. afternoon action on Tuesday, up 2% over the past 24 hours.
- K33 analyst Vetle Lunde suggested BTC's relative weakness to stocks this quarter could mean rebalancing-led buying once January rolls around.
Top Stories
