Gartner Says That 75% of Apps Are Vulnerable
Gartner released a report which says that more than 75 percent of mobile applications will fail basic security tests. Gartner said on Sunday that in 2015, the majority of mobile applications – whether in the Android, iOS or Windows Phone ecosystems – will not have basic business-acceptable security protocols in place.
Part of the issue with mobile app security is that employees download apps that access enterprise assets or perform business functions, but the security of the apps is not adequate to protect against attacks or meet the security requirements set out by company policy.
While there are numerous reasons behind mobile applications failing to pass even the basic security checks, the research shows that 75 percent of mobile security breaches through 2017 will be caused by mobile application misconfigurations, “rather than the outcome of deeply technical attacks on mobile devices.”
“Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance,” said Dionisio Zumerle, principal research analyst at Gartner. “Most enterprises are inexperienced on mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”
Zumerle said that existing static application security testing (SAST) and dynamic application security testing (DAST) vendors will need to modify and adjust their tests to address mobile technologies. Both SAST and DAST have been used for the past decade, but mobile applications, due to their variety and reliance on continually evolving mobile operating systems, are a fresh challenge.
“App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed the basic security tests conducted by specialized application security testing vendors.”
95% E-commerce apps & 85% Banking apps – They All Fail Basic Security Tests
We did thorough research on the E-commerce apps and Banking apps previously at Appknox and we found some mind-blowing facts. We took 500 E-commerce apps from 5 different regions around the globe and 95% did not even pass Appknox basic security tests.
A similar study was observed in the Banking apps too, where we took around 100 mobile apps of banks and put them under our scans. Customers should be aware that their data is so vulnerable in the hands of the banks across the world. 85% of the mobile apps of the banks we scanned were found failing basic security tests.
Through 2017, Gartner predicts that 75 percent of mobile security breaches will be the result of mobile application misconfigurations, such as the misuse of personal cloud storage in tandem with enterprise data.