According to a recent HP Research Report, nine out of 10 mobile apps have vulnerabilities that could pose a security threat. HP Security Research tested a representative sampling of mobile applications, reviewing the security of 2,107 applications by 601 companies listed in the Fortune Global 2000.[1]
About 97 percent of the mobile apps tested access some form of private information on the phone. Here’s the serious problem: about 86 percent of those mobile apps lack adequate security measures to block basic threats. As the use of mobile devices increases, so does the use of mobile apps. According to a recent Gartner Research report, mobile app downloads have almost doubled in the past year.[2] “While mobile devices are becoming more and more critical to conducting business, they are also becoming prime targets for attack, with vulnerable applications providing access to sensitive data,” said Mike Armistead, vice president and general manager, Enterprise Security Products, Fortify, HP. The drive to develop mobile apps may result in companies overlooking basic security checks in order to get their apps to market.
Armistead emphasizes that screening mobile apps for security threats is essential. He says, “Mobile applications now are the first line of defense against the adversary and organizations must be equipped to assess, assure and protect these applications to prevent damage from exploits.”
Companies developing and utilizing mobile apps should consider these four essential security issues:
- Privacy issues: What personal information is being accessed and are there proper security measures in place to protect the app from common exploits?
- Lack of binary protections: Basic security measures are often overlooked. It is essential to follow “best practices” when developing apps.
- Insecure data storage: Techniques must be in place for encrypting data stored on mobile devices, such as passwords, personal information, session tokens, documents, chat logs and photos.
- Transport security: Many companies fail to protect credentials (username and password) both on the mobile applications and on the web application counterparts.
Having a proper security plan in place is an essential part of your mobile technology strategy.
[1] Kristi Rawlinson. “HP Research Reveals Nine out of 10 Mobile Applications Vulnerable to Attack.” November 18, 2013 <http://www8.hp.com/us/en/hp-news/press-release.html?id=1528865#.Uo_pWmR4bxU>
[2] Janessa Rivera and Rob van der Meulen. “Gartner Says Mobile App Stores Will See Annual Downloads Reach 102 Billion in 2013.” September 2013 <http://www.gartner.com/newsroom/id/2592315>