Categories: Business / Mobile Apps
Just how secure are your favorite mobile apps? According to research from WhiteHat Security, probably not secure enough. This spells trouble for both users and businesses.
Some 85% of apps violated one or more OWASP (Open Web Application Security Project) top 10 mobile risks. This means that the vast majority of apps out there are vulnerable to attack. Sometimes in several ways.
Data storage is the biggest risk
The most common risk was related to data storage. Half of all the apps analyzed flunked due to data storage and data leakage. The problems were slightly greater with Android apps than iOS apps. Data theft and leakage is even more of an issue with implementation of the GDPR, as poor data security could mean breaching GDPR rules.
Insecure communication was another issue: 30% of mobile apps still used HTTP instead of HTTPs. Additionally, 50% of iOS apps weren’t using recommended methods for ensuring secure encrypted communications.
But it wasn’t not all bad. In general, mobile apps are solid when it comes to authentication and authorization.
How businesses can make their mobile apps secure
As businesses transition over to web and mobile applications, they need to be increasingly mindful of security risks. Security needs to be built into their mobile apps – not added as an afterthought. This will help protect both consumers and the businesses themselves.
Risks to check for include:
- Vulnerabilities across different devices. Different devices and OS versions come with different vulnerabilities.
- Vulnerabilities across different platforms. Mobile and web apps have different vulnerabilities.
- Weak encryption methods. Poor encryption allows hackers to “see” data such as usernames, passwords and personal information.
- Weak hosting controls. Exposing server-side systems gives hackers another option for accessing unauthorized data.
- Insecure data storage. Storing data directly on a device can compromise it.
Mobile app security matters
Mobile apps are increasingly central to how we do our jobs or communicate with clients. But as the stakes increase, so do the risks. Defining and applying secure practices end-to-end is a must for reducing risk for your customers, your clients and your brand.
Building a mobile app and want to ensure it’s secure? Get in touch!