A recent analysis of 150 top Android apps by Norwegian cybersecurity firm Promon found that 144 apps could be successfully configured to run within the controlled testing environment of the reverse engineering tool Frida. Of the apps tested, only three actively detected Frida's presence and either shut it down or restricted its functionality.

What does this mean? It means that roughly 97% of the most popular Android apps are vulnerable to exploitation by threat actors and have security gaps that need to be addressed. [As reported by Cybernews, Frida is a dynamic instrumentation toolkit that is growing in popularity among security researchers, reverse engineers, and malware analysts. It can be used legitimately, but it has also become a primary tool used by malicious actors to attack apps. This takeit is considered an essential first step to reverse engineer any app. [Simon Lardinois, a security researcher at Promon, said that while not all apps need to detect Frida, the fact that 97% do not “raises serious concerns because it is an open invitation to abuse.” He added, “For apps that process sensitive data or have sensitive functions, this is definitely a wake-up call for more robust detection of Frida.”

The cybersecurity experts involved were surprised to find that very few of the top apps tested were protected against common hooking frameworks, and the report's findings indicate that this “has led to increased awareness within the Android development community and proactive . underscores the need for security measures,” it states. [Organizations that want to keep user data secure should strive to incorporate Frida detection techniques, from identifying unique library names and memory strings commonly associated with Friday, to inspecting thread names, enumerating exported functions, and monitoring network resources. [Promon also notes that attackers are evolving evasion techniques and customizing Frida by shaving off its footprint in order to circumvent these detection mechanisms.

Unfortunately, the apps tested were not named in the report, but were the most popular based on monthly active users as of November 2024, with over 550 million daily users and an average monthly user count of over 206 million.

To protect yourself from malicious apps and other mobile threats, you should always keep your phone up-to-date by installing the latest updates as soon as they become available. But in addition to its operating system, you also want to regularly update all of your apps too. For an added layer of protection, you want to make sure you have one of the best Android antivirus apps installed on your phone as well. They can help remove malware, flag suspicious activity like scams and phishing attempts, and provide a secure VPN or password manager. But if you're on a tight budget, Google Play Protect helps keep your phone safe from malicious apps and best of all, it comes preinstalled on all of the best Android phones.

Promon has discovered that so many of the most popular apps can be used for freebies by security researchers as well as attackers, now expect the makers of this security tool to add additional safeguards to it soon.