App Security: It’s Even Worse Than You Thought
Developer and user perception of security doesn't match the reality, according to a detailed report that found vulnerabilities in a large percentage of apps.
Plenty has been written about the significant security dangers posed by mobile apps, yet most people think the apps they use are secure. They’re wrong: the vast majority of mobile apps have security vulnerabilities, according to a survey from security firm Arxan. And the results are likely even worse than you imagined.
The report, "State of Application Security, Perception versus Reality," is based on interviews with nearly 1,100 people in the US, UK, Germany, and Japan, including app users and IT executives involved in app security. The focus is on two types of mobile apps: health and finance.
The world according to the IT executives is quite rosy: 87% said their applications are adequately secure, and 82% believe everything is being done to protect their apps. Some 83% of app users surveyed believed the apps they use are adequately secure, but far fewer, 57%, believe that everything is being done to protect the apps they use.
As for the reality, it’s quite different. Arxan claims that 90% of 126 mobile health and finance apps it tested "were not adequately addressing two or more of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks."
In addition, the report claims that 84% of the FDA-approved apps and 80% of the National Health Service (NHS)-approved apps it examined were vulnerable to at least two of the top 10 OWASP mobile risks.
The report also found that "98% of apps tested lacked binary code protection and could be reverse-engineered or modified." In addition, "84% of apps tested had poor transport layer protection and could lead to data and identity theft." Not surprisingly, more than 80% of app users surveyed would switch to a different app if they knew their app was vulnerable or that a similar one was more secure.
Here’s maybe the biggest shock of the report: It claims that half of organizations "have zero budget allocated to protecting mobile apps."
Published at DZone with permission of Amy Groden-Morrison, DZone MVB. See the original article here.