We started off this week by talking about how mobile app security is slowly gaining priority and that there is hope for safety. Unfortunately, it seems like there is no end to these threats and security breaches.
CERT (Center for Emergency Response Team), managed by the Computer Science students of Carnegie Mellon University, released a list of vulnerable mobile applications, and in January McAfee Labs tested the 25 most popular apps on the list. The university and McAfee Labs ran the test together and, surprisingly, 18 out of 25 apps were found to be vulnerable. McAfee Labs said that the mobile apps couldn’t fix basic flaws, the reasons being poor programming and SSL issues. SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client. The weakened SSL made these apps, which contained the personal information of the students, vulnerable and left them exposed to hackers. Research by Appknox also suggests that SSL is one of the most commonly found issues in mobile apps.
Users had brought the vulnerabilities in these apps to the developers’ notice even before the test was conducted. The tests brought out the same vulnerabilities that had been reported previously, which calls the developers’ sense of accountability into question. This callous attitude towards users and customers could tarnish the brand’s image in the community.
Looking at this from a developer’s point of view, they might not be aware of the remediation measures available to fix their app. For situations like these, Appknox helps developers scan and remediate their apps, making them safer for users. Products like these have now come to the rescue for the issues developers face, which ultimately results in the safety and security of the users.