In a world of having an app for just about anything, security takes a backseat while convenience trumps all.
A new report from Arxan showed that a significant number of apps from popular businesses lacked critical security features and protection. But consumers who use these apps are unaware of just how unsafe they are.
The 6-week study, conducted by researcher Aite Group for the cybersecurity firm Arxan, revealed that almost all financial service apps have major flaws in their security. An analysis of 126 popular apps spanning across health and finance indicated that 90% of them had high-security vulnerabilities.
Data from the Arxan’s fifth annual State of Application Security Report showed a huge disparity between the perceived notion and the actual reality of the level of app security.
In surveying 1,083 individuals across Japan, Germany, UK and the US – 268 IT executives and 815 consumers – it was found that
• 82% of executives and 57% of consumers believed “everything is being done” to secure apps.
• 87% of the executives and 83% of consumers felt their apps were “adequately secure”.
• 46% of executives and 48% of consumers said yes to whether they thought their app was likely to be hacked over the next six months.
• 80% said they would change their app if they knew it had a security risk.
But in reality, these percentages don’t match up to the actual findings of app security levels.
Mobile Security Risks in Health apps
In analyzing 126 apps from Japan, Germany, the UK, and the US, it was found that
• 90% had vulnerabilities in at least two areas listed by OWASP Security Project’s top 10 mobile risks.
• 84% of health apps that had FDA approval and 80% of apps with NHS approval were vulnerable to at least two risks.
• 98% lacked binary code protection which means the app could be reverse-engineered.
• 84% had poor transport layer protection.
Mobile Security Risks in Financial apps
• Out of the financial apps analyzed in the Arxan study, 92% had vulnerabilities in at least two risk areas of the top 10 mobile risks.
• 97% had their source code left unprotected.
• 80% had weak encryption algorithms allowing hackers to decrypt data easily.
• 90% shared services with other applications on the same device. This results in data from one app vulnerable on other apps.
Mobile Security Risk in E-commerce apps
In a study conducted by Appknox, which tested 100 e-commerce apps, it was found that
• 95% of them failed the basic security testing
• Over 68% had 4 or more loopholes
• 68% carried critical threats
• 95% had a risk of one of the top 5 threats
John Pironti, a security expert, stated that he wasn’t surprised by the findings of these reports. The same trends were seen during the dot-com boom in the late 1990s.
Despite the dire need for mobile security, a recent study by IBM showed that 50% of the companies had absolutely no budget for app security. Another IBM-sponsored report showed that there are close to 12 million mobile devices that are maliciously infected at any given point of time.
Furthermore, the IBM study showed that on average, a data breach can cost a company around $4million. So while there is no budget set aside now, it could prove costly later.
The mobile platform paved the way for a spike in cyber crimes which is predicted to incline further over the course of the next few years. Though these apps bring tremendous convenience, it is a wormhole for crime.
The Arxan study proves just how important mobile app security is for a company, especially one in financial services. In March 2019, Google said the percentage of PHAs (potentially harmful applications) in the Play Store rose from 0.02% in 2018 to 0.04% this year. Businesses need to be fully aware of the possible faults, loopholes, flaws, and vulnerabilities of their apps. Any app that manages sensitive data, especially financial information of consumers, must have top-notch security protocol in place. This will help garner the trust of customers and avoid any breaches.
The battle against cybercrime is never ending as hackers are constantly finding new ways to break through even the toughest security measures. It’s key to stay a few steps ahead of the game by proactively implementing cybersecurity measures.