The report suggests Android has the biggest problem, with over 10 percent of apps open to attack.
The researchers scanned almost 11,000 Android apps that have more than a million downloads each and found that over 1000 of them were still vulnerable because they use an Open SSL library to connect to HTTPS servers. They wrote:
These 1228 apps have been downloaded over 6.3 billion times. Of these 1228 Android apps, 664 use Android’s bundled OpenSSL library and 564 have their own compiled OpenSSL library. All these OpenSSL versions are vulnerable to FREAK.
And when it comes to Apple’s iOS, things certainly don’t look much better. Out of over 14,000 popular iOS apps tested, 5.5 percent of them were connecting to the vulnerable HTTPS servers as well. However, this only applies to older version of the OS. Just seven of the vulnerable apps remain unfixed on iOS 8.2.
➤ FREAK Out on Mobile [FireEye]