Mobile Security: A Neglected Priority

Written by Mario Agüero | Posted on February 26, 2023

Mobile apps have long since evolved from a novelty of early smartphones into a suite of essential tools for interacting with people, goods, and services in daily life. A recent report found that apps take up more than 80% of the time users spend on their phones. Given this, it’s no surprise that businesses prioritize mobile app development to stay competitive in the digital market. However, research shows that these same businesses are failing to make sure that their apps are sufficiently secure or private.

The latest Annual Penetration Risk Report from NowSecure and Coalfire has revealed glaring security weaknesses in the most popular commercial apps, covering a range of industries such as airline, finance, on-demand apps, healthcare, e-commerce, travel, and more. The report found that 99% of all tested Android and iOS mobile apps failed the OWASP Mobile Application Security Verification Standard (MASVS).

Best and Worst Performing Industries

A thorough benchmark analysis by the security specialists found that automotive apps were the most secure across the board, with airline mobile apps scoring second best, and fintech coming in third. Industries that had worryingly low standards of security and privacy included travel apps and pharmaceutical apps, with around 40% of apps in these sectors having serious security issues.

The Most Common Security Issues

The report highlighted security vulnerabilities in the following aspects of many commercial mobile apps:

  • Network communication
  • Data storage
  • Cryptography
  • Permissions

When it comes to privacy, issues were also found with leaking user or app data over the network, exposing personal data to other apps on the phone, and revealing geolocation data.

Steps Toward Better Mobile App Security

Organizations that seek to benefit from a quality mobile application need to prioritize app security and privacy during the development process, or they risk a breach of sensitive company data or user data. That’s why businesses should partner with IT vendors who can prove expertise in QA and DevSecOps for mobile apps specifically, since mobile apps have different requirements than web apps.

Mario Agüero

General Manager

Co-Founder

Buenos Aires, Argentina