Three quarters of Android and iOS apps have security vulnerabilities related to insecure data storage, according to a new report by enterprise security company Positive Technologies.
The report, first highlighted by ZDNet, lays out the security issues identified in many apps found on both the Google Play store and the iOS App Store. The insecure storage of data from apps could lead to information like passwords, financial details, personal data, and communications being accessible by hackers.
In addition to insecure data storage, which was the most commonly identified security issue, vulnerabilities classified as “high risk” were identified in 38% of iOS apps and 43% of Android apps. The report did not single out particular apps which were security threats, but rather identified trends throughout app design which could lead to security issues.
A particular concern raised by the report is that apps do not only work on the client side (i.e. on the user’s phone). They also often transmit data to a server which is hosted by the developer. While modern phone operating systems have some security mechanisms in place to prevent inappropriate access to data, there are often no such protections in place for data stored on the developer’s server or moving between the phone and the server. This means that vulnerabilities are just as common on the server side as on the client side.
The report includes recommendations for developers on how to create apps with better security, but what about users? Firstly, users should pay attention to what access apps request when they are first installed. Look at what permissions an app is asking for and consider whether they are reasonable for the app’s function. If they are not, don’t install the app. Also, the report advises against rooting or jailbreaking your device as this disables some of the operating system’s built-in security features.
Other recommended regular security practices include using a properly randomized password or PIN (not your birthday) and being careful about which links you click on. You should also update your OS and your apps regularly, avoid third-party app stores, and not plug your phone into unknown PCs or charging stations.
And finally, the report warns against assuming that one operating system is better than another in terms of app security. Although there were slightly more vulnerabilities found in Android than iOS apps, the report states that “this difference is not significant, and the overall security level of mobile application clients for Android and iOS is roughly the same.”