Arxan created this fine infographic displaying the state of mobile application security in 2016. Here is what they found through extensive research.
1083 individuals were surveyed in the US, UK, Germany and Japan. 268 were IT executives with security oversight of, or insight into, the mobile health and/or finance apps they produce; 815 were consumers who use mobile health or finance applications.
Summary of perceptions of application executives vs end users
- 87% of executives felt their mobile applications are secure while 83% of consumers felt they were secure. Very close results!
- 82% of executives believe everything is being done to protect their apps while only 57% of consumers felt the same way.
- 46% of executives think their app will likely be hacked within the next 6 months and consumers felt the same with a close 48% agreeing.
The reality of App security
For the survey, 126 of the most popular mobile health and finance apps from the US, UK, Germany and Japan were tested for security vulnerabilities using tools for Mi3. Apps approved by regulatory or governing bodies were also included in the security assessment.
- 90% of the 126 mobile applications tested were vulnerable to at least 2 of the OWASP (Mobile Security Project) Mobile Top 10 risks.
- 84% of FDA-approved apps and 80% of apps formerly approved by the NHS were vulnerable to at least 2 OWASP mobile top 10 risks.
- 98% of apps tested lacked binary code protection and could be reverse-engineered or modified.
- 84% of apps tested had poor transport layer protection, which could lead to data and identity theft.
- 80% of app users would change providers if their app is known to be vulnerable or if a similar app was more secure.
- 50% of organizations have zero budget allocated to protecting mobile apps – a very frightening statistic in this day and age!
Recommendations for App Executives
- Set your security bar above the regulations – regulatory bodies are lagging behind cyber criminals. Applications “approved” by trusted sources such as governing bodies like the FDA or the NHS are just as vulnerable as other apps.
- Strengthen your weakest links – Address elements of the OWASP Mobile Top 10 risks that are being neglected. Lack of binary code protection and lack of transport layer protection were the two most prevalent security risks identified.
- Make security your competitive advantage – Market the strength of security in your applications as a means to attract and retain customers. Security is increasingly becoming a determining factor in purchasing and usage decisions.
Security Measures For App Users
- Only download apps from authorized sources – most authorized app stores have some security protocols in place to help ensure applications can be trusted.
- Don’t jailbreak or root your devices – jailbreaking or rooting devices negates security measures that are designed to help protect you and your data.
- Demand transparency of your app’s security – Just like food and nutrition labels, understand what risk you are “consuming” before downloading your apps. Become an advocate for certification and risk transparency.
App safely everyone!