Study: Most Business Apps Don't Do Enough To Protect Identifiable Information
A security assessment conducted earlier this year by Wandera's SmartWire Labs indicates that many of the most popular business apps used across North America, Europe, Asia, and the United Kingdom contain significant vulnerabilities.
Article provided by our partner
The ten apps analyzed in the report are widely used by enterprise employees and have been downloaded approximately 1.4 billion times from Google Play. These apps also fell within the Apple App Store's top 0.05% of published apps classified under the business and productivity categories. The apps were assessed with the Open Web Application Security Project (OWASP) as a foundation.
The assessment found that the most common vulnerabilities in mobile apps were insecure data storage, insufficient transport layer protection, lack of binary protections, and insufficient authorization and authentication methods.
The OWASP-based assessment found the following:
- 10 of the 10 apps were found to be vulnerable to OWASP's Top 10 mobile risks. The two most significant issues found were data storage security and data transport security.
- 10 of the 10 apps were found to have at least five of the 28 weaknesses tested, and failed to secure personally identifiable information in their data storage mechanisms.
- 9 of the 10 apps do not use certificate pinning, and are vulnerable to "man-in-the-middle" attacks. In the case of these apps, the protection mechanisms used were not properly implemented.
- 8 of the 10 apps tested allowed weak passwords, and 3 of the 10 apps allowed weak encryption.
Enterprises should keep in mind that mobile apps contain corporate data, so mobile security should be a chief concern for enterprises and their security staff. IT departments, then, must ensure third-party safety nets in mobile applications and adopt a holistic view of data security. Developers must also use a secure development process and properly test code before releasing apps to the public.