But are they safe?
Recent studies indicate that enterprises developing hybrid mobile apps may need to pay more attention to security and privacy concerns than those developing native mobile apps.
Syracuse researchers found that an affected app could inject code with a malicious payload via a number of sources including the seven below:
When the app unwittingly executes the malicious code by performing one of the above listed functions, one of two things can occur. First, the malicious code can surreptitiously capture the victim’s sensitive information off their mobile device and exfiltrate it to an attacker. Second (and potentially worse), the app may spread its malicious payload like a worm - SMS text messaging itself to all of the user’s contacts.
App susceptibility to code injection is just one of the many vulnerability-related testing elements that ICSA Labs can test for in its mobile app testing program.