Report by Checkmarx and AppSec Labs Shows Each Mobile App Exposed to More than 9 Vulnerabilities
Checkmarx, a global leader in software security testing and protection solutions, and AppSec Labs, mobile application security experts, released a report entitled The State of Mobile Application Security 2014-2015. The report showed the alarming rate of mobile application vulnerability finding that each app is exposed to an average of 9 different vulnerabilities. The report also casts doubt on the common myth that iOS is more secure than Android by highlighting that in the field of vulnerabilities built into the code or application logic, the vulnerability of iOS and Android Applications is almost identical.
“The mobile application industry is growing at an explosive pace, yet security issues of mobile applications are lagging behind. During 2014-15, Appsec Labs and Checkmarx tested hundreds of mobile applications, of all types including banking, utilities, retail, gaming and even security oriented applications, said Asaph Schulman, VP Marketing at Checkmarx. “The results of the study were nothing short of alarming and unless we improve secure coding practices we should expect an increase of major hacks via the mobile application vector in the near future”.
Among the types of applications tested were banking applications of high-street retail banks which access the personal data of millions of private individuals. Even those applications, which undergo rigorous security testing, were found to suffer from critical vulnerabilities such as faulty authentication, data leakage and more.
Some of the reports key findings are as follows:
- Each app is exposed to an average of 9 different vulnerabilities, 38% of which are critical or high severity
- 40% of detected vulnerabilities in iOS applications were found to be critical or high severity compared to only 36% on Android
- 50% of vulnerabilities are either personal/sensitive information leakage or authentication and authorization faults
AppSec Labs founder Erez Metula said: “When we undertake penetration testing for our customers, we’re often asked to test both the Android and iOS versions of the same app. We realized that since iOS developers wrongly assume that iOS is “more secure”, they let themselves take poor security decisions that open up vulnerabilities in their app.”
[su_box title=”About Checkmarx” style=”noise” box_color=”#336588″]Checkmarx is a leading developer of software solutions used to identify, fix and block security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC) which systematically eliminates software risk before applications are released. The company’s customers include 5 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including SAP, Samsung, Salesforce.com, Coca Cola and the US Army.[/su_box]
[su_box title=”About AppSec Labs” style=”noise” box_color=”#336588″]AppSec Labs is a vibrant team of professionals who love application security. Founded by Erez Metula, a world renowned application security expert and the author of Managed Code Rootkits. AppSec Lab’s mission is to raise awareness of the software development world to the importance of integrating software security across the development lifecycle and the team has accumulated years of experience in penetration testing, consulting and training of secure coding and hacking at the highest level. AppSec Labs are constantly researching and developing new professional tools to improve penetration testing for a multitude of platforms.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.