
Mobile Apps Fail Big Time at Security, Study Says

Major vulnerabilities lurk across popular mobile apps, according to viaForensics security study.

A study from digital security company viaForensics paints a stark picture of the vulnerability of smartphone user data. viaForensics evaluated 100 popular consumer apps running on Android and iOS, and found that 76 percent store usernames, while 10 percent store passwords as plain text. Those 10 percent included popular sites such as LinkedIn, Skype, and Hushmail.

And while only 10 percent of applications store both usernames and passwords as plain text, leaving them vulnerable to hacks, even the 76 percent that store only usernames that way are vulnerable.

"Many systems require only username and password, so having the username means that 50 percent of the puzzle is solved," said the report. It also noted that because many users tend to reuse user names, if someone unsavory gets that information, it can have reverberating effects. Your Facebook details could eventually lead to your credit card info, for instance.

Even more disturbing are the 10 percent of applications that fail to encrypt your password, which "poses a risk to consumers, because devices are frequently lost or transferred, and because malware could potentially grab the data," says the report.

When it comes to the security of mobile consumer applications, the social networking applications tested in the study did the worst, with 74 percent earning a "fail," indicating that sensitive data, such as passwords or account numbers, were recovered.

Other application categories fared better, but not overwhelmingly. Among productivity apps, 43 percent failed, while 25 percent of mobile financial apps and 14 percent of retail apps failed.

The retail safety looks pretty solid, but the report points out that no retail application actually "passed" the test. Rather, the majority received a "warn" rating from viaForensics, indicating that the application's data was present on the smartphone but not encrypted.

And many other popular applications also store non-sensitive data in unencrypted format, including mobile software from Amazon.com, Best Buy, Facebook and Twitter, said the report.

What can you do? Security experts recommend using letters and numbers in all passwords, avoiding passwords that have an actual meaning, never using the same passwords or usernames for different applications, and not writing your passwords down, especially online where they could be unearthed by an outsider.

All applications, for personal or business use, seem to be failing viaForensics’ assessment. And while viaForensics is a security firm and has an incentive to paint a picture of mass Web insecurities, the trend these numbers point to should be taken very seriously, by consumers and businesses alike.

