App Security: It’s Even Worse than You Thought

Infographic - Perception of Security (Source: Arxan)


Plenty has been written about the significant security dangers posed by mobile apps, yet most people think the apps they use are secure. They’re wrong: the vast majority of mobile apps have security vulnerabilities. So says a survey from security firm Arxan. And the results are likely even worse than you imagined.

The report, “State of Application Security, Perception versus Reality,” is based on interviews with nearly 1,100 people in the U.S., UK, Germany and Japan, including app users and IT executives involved in app security. The focus is on two types of mobile apps: health and finance.

The world according to the IT executives is quite rosy: 87% said their applications are adequately secure, and 82% believe everything is being done to protect their apps. Some 83% of app users surveyed believed the apps they use are adequately secure, but far fewer, 57%, believe that everything is being done to protect the apps they use.

Infographic - Reality of Security (Source: Arxan)


As for the reality, it’s quite different. Arxan claims that 90% of 126 mobile health and finance apps it tested “were not adequately addressing two or more of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks.”

In addition, the report claims, 84% of the FDA-approved apps and 80% of the National Health Service (NHS)-approved apps it examined were vulnerable to at least two of the top 10 OWASP mobile risks.

The report also found that “98% of apps tested lacked binary code protection and could be reverse-engineered or modified.” In addition, “84% of apps tested had poor transport layer protection and could lead to data and identity theft.” Not surprisingly, more than 80% of app users surveyed would switch to a different app if they knew their app was vulnerable, or a similar one was more secure.

Here’s maybe the biggest shock of the report: It claims that half of organizations “have zero budget allocated to protecting mobile apps.”

There’s a lot more that is eye-opening in the report. For more details and additional reports, click here. To access the full report, click here to download the PDF.
