Mobile apps often ask for personal data to perform their tasks. “This app would like access to your email address, friends’ list, photos, etc., etc.,” right? And we all just click the “OK, sure” button. A recent study from HP, though, suggests app developers need to focus more on keeping that personal information safe.
Nine out of 10 of the more than 2,000 iOS apps HP tested possessed a vulnerability that could represent a security threat. It also found that 97 percent of mobile apps accessed at least one piece of personal information–and 86 percent of those apps did not have proper measures in place to protect your data from “the most common exploits.”
“Sensitive corporate data and personal information are often housed side by side on insecure devices,” the company said in a release, which also promoted its HP Fortify on Demand security product.
The most common security threats were the following:
- 75 percent of the apps did not use proper encryption for storing data, such as passwords
- 86 percent lacked binary hardening, which can protect against information disclosure, buffer overflows and poor performance
- 18 percent shared information such as user names without SSL encryption; another 18 percent used SSL but incorrectly
Testing was conducted in October and November 2013 on 2,107 applications from 601 companies on the Forbes Global 2000 list. HP Security Research used its HP Fortify on Demand product to conduct the tests.