Nearly 90% of mobile apps vulnerable to attack – Study

Up to nine out of 10 mobile apps – including those on Apple iOS products – may have security vulnerabilities that can be potentially exploited, a new study has found.

 

HP Fortify, Hewlett-Packard's enterprise security arm, found even corporate mobile apps have such security holes, according to a report on ZDNet.

 

"Only iOS apps were tested, but HP says that there is good reason to believe the same problems exist in any Android counterparts," ZDNet said. 

 

It said HP used its "Fortify On Demand for Mobile" to test some 2,107 applications published by 601 companies on the Forbes Global 2000.

 

Also, it said Fortify's conclusions suggest mobile developers "need to follow best practices if they don't want to expose their users and company to attack."

 

"They should scan their applications using a tool like Mobile Fortify on Demand; implement penetration testing; and adopt one of the many secure coding development lifecycle approaches," it said.

 

ZDNet said the HP study showed 86 percent of apps that "accessed potentially private data sources, such as address books or Bluetooth connections, lacked sufficient security measures to protect the data from access."

 

It said 86 percent of the tested apps lacked binary hardening protection while 75 percent did not encrypt data before storing it on the device.

 

"This data included passwords, documents, chat logs, just about anything," it said.

 

Also, the study found 18 percent of apps transmitted data over the network without using SSL encryption, and another 18 percent used SSL "but did so incorrectly."

 

But ZDNet quoted HP Fortify vice president and general manager for Enterprise Security Products Mike Armistead as saying 71 percent of the vulnerabilities were "problems on the server end of the app." — KDM, GMA News