The vast majority of mobile apps store data insecurely, according to Positive Technologies researchers who discovered high-risk security vulnerabilities in 38% of iOS apps and 43% of Android apps.
“But this difference is not significant, and the overall security level of mobile application clients for Android and iOS is roughly the same. About a third of all vulnerabilities on the client side for both platforms are high-risk ones,” according to the annual report Vulnerabilities and Threats in Mobile Applications, 2019.
Researchers analyzed mobile apps tested last year and found that 76% of mobile apps store data insecurely. While insecure data storage was the most common vulnerability, 89% of the vulnerabilities discovered could be exploited by malware.
“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience. People gladly install mobile apps and provide personal information, but rarely stop to think about the security implications,” the report said.
Rooted and jailbroken devices had a higher risk of infection, even though malware has the ability to escalate privileges and access user data or even send data to the attackers if permission is granted.
“In 2018, mobile apps were downloaded onto user devices over 205 billion times. Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information,” said Leigh-Anne Galloway, cyber-security resilience lead at Positive Technologies.
“However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. Stealing data from a smartphone usually doesn’t even require physical access to the device.”
Mobile users are advised to pay closer attention when applications request access to phone functions or data because cyber-criminals rely on user’s inattention, which enables them to escalate privileges. Additionally, the report noted that "protection mechanisms are the weak spot in mobile applications. Most of the discovered vulnerabilities were introduced during the design stage and result from failure to 'think through' security-related questions."