Over a million developers have joined DZone.

App Security: It’s Even Worse Than You Thought

Developer and user perception of security doesn't match the reality, according to a detailed report that found vulnerabilities in a large percentage of apps.

· Mobile Zone

Infographic - Perception of Security (Source: Arxan)Infographic – Perception of Security (Source: Arxan)

There’s been plenty written about the significant security dangers posed by mobile apps, but most people think the apps they use are secure. But, they’re wrong—the vast majority of mobile apps have security vulnerabilities. So says a survey from security firm Arxan. And, the results are likely even worse than you imagined.

The report, "State of Application Security, Perception versus Reality" is based on interviews with nearly 1,100 people in the US, UK, Germany, and Japan, including app users and IT executives involved in app security. The focus is on two types of mobile apps: health and finance.

The world according to the IT executives is quite rosy: 87% said their applications are adequately secure, and 82% believe everything is being done to protect their apps. Some 83% of app users surveyed believed the apps they use are adequately secure, but far less, 57%, believe that everything is being done to protect the apps they use.

Infographic - Reality of Security (Source: Arxan)

Infographic – Reality of Security (Source: Arxan)

As for the reality, it’s quite different. Arxan claims that 90% of 126 mobile health and finance apps it tested "were not adequately addressing two or more of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks."

In addition, the report claims, 84% of the FDA-approved apps it examined and 80% of the apps approved by the National Health Service (NHS) it examined were vulnerable to at least two of the top 10 OWASP mobile risks.

The report also found that "98% of apps tested lacked binary code protection and could be reverse-engineered or modified." In addition, "84% of apps tested had poor transport layer protection and could lead to data and identify theft." Not surprisingly, more than 80% of app users surveyed would switch to a different app if they knew their app was vulnerable, or a similar one was more secure.

Here’s maybe the biggest shock of the report: It claims that half of organizations "have zero budget allocated to protecting mobile apps."

There’s a lot more eye-opening finds in the report. For more details and additional reports, click here. To access the full report, click here to download the PDF.

To see an infographic of the report, click here.

Topics:
mobile ,mobile security ,security

Published at DZone with permission of Amy Groden-Morrison, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}