Most Mobile Apps Have A Major Security Vulnerability, iOS Least Secure

iPhone Loading
Well, this is surprising—a new security report makes the bold claim that "all mobile applications are vulnerable" to one kind of threat or another, and it really does not matter whether you are using Android or iOS. In fact, according to the report, iOS is not only just as insecure as Android, but even more so, if looking at the more critical vulnerabilities that exist.

The report was put together by researchers at Positive Technologies, a global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection (according to the company's About page). According to the report, users downloaded mobile apps over 205 billion times last year.

"Modern mobile OSs come with various security mechanisms. By default, an installed app can access only files in its own sandbox directories, and user rights do not allow editing system files. Nevertheless, errors made by developers in designing and writing code for mobile applications cause gaps in protection and can be abused by attackers," the report states.

There are a lot of claims and a mountain of data to digest in the report, and quite frankly, it is kind of all over the place. For example, the report states that high-risk vulnerabilities were found in 38 percent of mobile applications for iOS and 43 percent of Android apps, which is not a significant difference. However, if lumping in medium vulnerabilities as well, iOS is less secure.

Here's a breakdown...

Mobile Vulnerabilities Data
Source: Positive Technologies

Perhaps it is more accurate to state that iOS is less secure where it matters most. Regardless, if you do the math, 84 percent of apps on iOS contain medium or high risk vulnerabilities, compared to 70 percent on Android. That's a difference of 14 percent between the two platforms.

If you own an iPhone, there is no need to kick rocks, though. It's not as though the situation is peachy on Android. If looking at low risk vulnerabilities, there are nearly twice as many on Android (30 percent) compared to iOS (16 percent). You win some, you lose some.

Rather than pick nits over one platform over the other, the report's general takeaway is that vulnerabilities abound at every turn. Researchers at PT say that insecure data storage is the most common issue, found in 76 percent of mobile applications. As a result, things like passwords, financial information, personal data, and correspondence are at risk.

In some cases, physical access to a handset is needed to leverage a vulnerability. However, the report notes that a whopping 89 percent of vulnerabilities can be exploited using malware, and therefore pose remote threats.

"Most cases are caused by weaknesses in security mechanisms (74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components). Because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code," the report states.

There is quite a bit of information contained in the report (hit the link the Via field below). I also feel that PT is being a bit of a self-serving alarmist here. No doubt there are vulnerabilities on both Android and iOS, including high risk ones. But at the same time, it's not as though devices are being hacked left and right. Still, this is good info for developers.
Show comments blog comments powered by Disqus