Here are a few of the key findings:
- 35 percent of all mobile apps tested had vulnerabilities relating to the insecure transmission of sensitive data.
- 35 percent had issues with the incorrect implementation of session expiration.
- 20 percent had problems relating to sensitive data being stored in the app source code and insufficient protection against cyber attacks using brute-force techniques.
- 29 percent of tested apps contained vulnerabilities relating to insecure inter-process communications, which are classed as high risk.
Overall, high-risk vulnerabilities were found in 38 percent of tested iOS apps and 43 percent of Android apps. Even worse, 89 percent of the vulnerabilities that were discovered could be exploited via malware, so the hacker targeting the device would never even need to take physical control of it.
Leigh-Anne Galloway (one of the people responsible for the report) said:
“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. We recommend that users take a close look when applications request access to phone functions or data. If you doubt that an application needs access to perform its job correctly, decline the request.”
Wise words, and very good advice. So back to the initial question, and with the statistics above in mind, how many apps do you have on your phone?