40% mobile apps not safe for handling data: Study

About 40 percent of mobile application vulnerabilities detected are related to unsafe handling of data, claimed a new survey ‘State of Mobile Application Security in India’ conducted by Indusface. While sectors like BFSI and e-commerce that conduct a large part of their business over mobile and web are already taking proactive measures to protect their data transactions, others that are becoming more mobile-enabled also need to focus more on mobile app security, suggests the study.

The Indusface Research Team conducted an in-depth testing around the Top 10 mobile vulnerabilities listed by OWASP and found that 23 percent of mobile apps suffered from insecure data storage vulnerability, 17 percent of mobile apps were suffering from unintended data leakage vulnerability and 10 percent suffered from weak server side controls.
[caption id=“attachment_88057” align=“alignleft” width=“380”] Image: Thinkstock[/caption]

The team tested more than 100 mobile applications across a set of Indian companies and detected 21,000 vulnerabilities.

“This shows that enterprise mobile apps are extremely vulnerable to data leaks,” stated the report.

An interesting finding of the survey was related to vulnerability of mobile apps on Apple iOS as against Android.

Although a majority of security breaches and hacking incidents reported in the past have been on Android apps, the research team discovered that some of the critical mobile apps on Apple iOS could actually be more vulnerable to security threats.

According to the survey, while the high level vulnerabilities were divided equally (50 percent) between the two operating systems, among the critical ones Apple iOS was found to be much more vulnerable at 67 percent in comparison to Android which stood at 33 percent.

“The phenomenal increase in mobile usage has also increased the risk of vulnerabilities. Almost all the mobile apps we use today have access to all the data on a user’s phone, including business data, which can be extremely risky. Therefore, it has become critical for businesses to focus in a big way on mobile app security and find ways to protect their business critical information,” Ashish Tandon, chairman and CEO, Indusface said.