Checkmarx, a global leader in software security testing and protection solutions, and AppSec Labs, mobile application security experts, today released a report entitled The State of Mobile Application Security 2014-2015. The report showed the alarming rate of mobile application vulnerability finding that each app is exposed to an average of 9 different vulnerabilities. The report also casts doubt on the common myth that iOS is more secure than Android by highlighting that in the field of vulnerabilities built into the code or application logic, the vulnerability of iOS and Android Applications is almost identical.
“The mobile application industry is growing at an explosive pace, yet security issues of mobile applications are lagging behind. During 2014-15, Appsec Labs and Checkmarx tested hundreds of mobile applications, of all types including banking, utilities, retail, gaming and even security oriented applications, said Asaph Schulman, VP Marketing at Checkmarx. “The results of the study were nothing short of alarming and unless we improve secure coding practices we should expect an increase of major hacks via the mobile application vector in the near future”.
Among the types of applications tested were banking applications of high-street retail banks which access the personal data of millions of private individuals. Even those applications, which undergo rigorous security testing, were found to suffer from critical vulnerabilities such as faulty authentication, data leakage and more.
Some of the reports key findings are as follows:
- Each app is exposed to an average of 9 different vulnerabilities, 38% of which are critical or high severity
- 40% of detected vulnerabilities in iOS applications were found to be critical or high severity compared to only 36% on Android
- 50% of vulnerabilities are either personal/sensitive information leakage or authentication and authorization faults
AppSec Labs founder Erez Metula said: “When we undertake penetration testing for our customers, we’re often asked to test both the Android and iOS versions of the same app. We realized that since iOS developers wrongly assume that iOS is “more secure”, they let themselves take poor security decisions that open up vulnerabilities in their app.”
The full report and its key findings can be found here.