Only 3 of the top 150 Android apps can detect reverse engineering tool Frida — here's why that's bad

A recent analysis of the 150 top Android apps by Norwegian cybersecurity firm Promon found that 144 of them could be successfully configured to operate within the controlled testing environment of the reverse engineering tool Frida. Only three of the apps tested actively detected Frida’s presence and shut down or limited functionality.

What does that mean? Well, it means that roughly 97% of the most popular Android apps are vulnerable to exploitation by threat actors and have a security gap that needs to be addressed.

As reported by Cybernews, Frida is a dynamic instrumentation toolkit that has grown in popularity among security researchers, reverse engineers and malware analysts. It can be used legitimately but has also become a primary tool used by malicious actors to attack apps. This tookit is considered an essential first step to reverse engineer any app.

A security researcher at Promon, Simon Lardinois, says that though not all apps are required to detect Frida, the fact that 97% do not “raises significant concerns as it becomes an open invitation for exploitation.” He adds that “For apps that process sensitive data or have sensitive features, this is certainly a wake up call to implement more robust detections for Frida.”

The cybersecurity experts involved were surprised to find that so few of the top apps tested were protected from common hooking framework, and the reports findings state that this “underscores the need for increased awareness and proactive security measures within the Android development community.”

Organizations that want to keep user data secure should seek to incorporate Frida detection techniques; these would range from identifying unique library names and memory strings commonly associated with Friday to examining names threads, enumerating exported functions and monitoring network resources.

Promon also points out that attackers are evolving in their evasion techniques, customizing Frida by stripping down its footprint to bypass these detection mechanisms.

Unfortunately, the apps tested were not named in the report, however they were the most popular apps based on monthly active users as of November 2024 – with more than 550 million users daily and 206 million monthly users on average.

How to stay safe

In order to stay safe from malicious apps and other mobile threats, you should always keep your phone up to date by installing the latest updates as soon as they become available. In addition to its operating system though, you also want periodically update all of your apps too.

For an added layer of protection, you want to make sure you've got one of the best Android antivirus apps installed on your phone as well. They can help remove malware, flag suspicious activity like fraud and phishing attempts and provide you with a secure VPN or even a password manager. If you're on a tight budget though, Google Play Protect can help keep your phone safe from bad apps and best of all, it comes pre-installed on all of the best Android phones.

Now that Promon has found that so many of the most popular apps can be used with Frida by attackers in addition to security researchers, expect the makers of this security tool to add additional safeguards to it soon.

More from Tom's Guide

• Fake video conferencing app is stealing passwords and spreading malware - how to stay safe
• FBI tells iPhone and Android users to stop texting each other amid major security breach
• Dangerous Pegasus spyware could be hiding on your iPhone — this $1 app can find it