Mobile app security is a growing concern, but most companies are still struggling to keep up. Android has traditionally been the operating system associated with mobile security issues, but recent stats released by HP prove that iOS developers are also fighting an uphill battle. From Network World:
HP today said security testing it conducted on more than 2,000 Apple iOS mobile apps developed for commercial use by some 600 large companies in 50 countries showed that nine out of 10 had serious vulnerabilities.
Mike Armistead, HP vice president and general manager, said testing was done on apps from 22 iTunes App Store categories that are used for business-to-consumer or business-to-business purposes, such as banking or retailing. HP said 97% of these apps inappropriately accessed private information sources within a device, and 86% proved to be vulnerable to attacks such as SQL injection. …
In its summary of the testing, HP said 86% of the apps tested lacked the means to protect themselves from common exploits, such as misuse of encrypted data, cross-site scripting and insecure transmission of data.
Some apps didn’t properly encrypt data and some didn’t implement HTTPS correctly, meaning hackers could easily compromise apps or access and leak/exploit private information. Some apps had security measures built in but not used as the development process progressed – meaning the ultimate product wasn’t as secure as it could – and should – have been.
Poor security isn’t only bad for users, it’s detrimental to a brand’s reputation and might even put a company’s propriety information at risk. Don’t gamble with something as important as app security. Learn what you need to know in this free whitepaper on Mobile App Security Testing.