Your Apps Could Have a Serious Security Vulnerabilities


A recent study of Android and Apple iOS users found that nearly three-quarters of the applications installed on these operating systems had information storage vulnerabilities leaving users open to hackers and identity theft.

After extensive testing of apps available on both Android and iOS, new study from Positive Technologies has shown that insecure information storage has become the most frequent security flaw in all mobile apps.

Insecure data storage is only one of a number of vulnerabilities that a security firm’s researchers said they’ve found after conducting safety assessments of several mobile software for both iPhones along with Google Android devices.

The company’s new Vulnerabilities and Threats in Mobile Applications 2019 report found that while critical vulnerabilities are somewhat more common in Android apps compared to in their own iOS counterparts (43% vs 38%), this difference is nominal as the security level of mobile apps is approximately equivalent.

Approximately a third of applications (about 35%) were found to display susceptibilities concerning insecure transmission of personal data, while researchers found that the same percentage demonstrated issues around incorrect implementation of session expiry.

Added vulnerabilities found in just under one in five of the tested software consist of sensitive data being stored in the program source code and insufficient protection against cyber attacks using brute-force practices.

Of the vulnerabilities found in mobile apps by Positive Technologies, 89 percent could be exploited by malware.

The risk of being infected with malware jumps on rooted and jailbroken apparatus though malware may also elevate privileges alone. Once installed on a victim’s apparatus, malware can ask for permission to access consumer information and if consent is given, the malware may then send that data back to the attackers.

Cybersecurity resilience lead at Positive Technologies, Leigh-Anne Galloway explained how smartphone consumers can protect themselves from insecure data storage and the growing malware threat, saying:

” In 2018, cellular apps were downloaded on consumer devices over 205 billion times. Programmers pay meticulous attention to applications design so as to give us a smooth and easy experience and individuals gladly install mobile apps and supply personal information. However, an alarming amount of apps are seriously insecure, and far less developer attention is spent on solving that problem. Stealing info from a smartphone usually does not even require physical access to this device.

“We recommend that users take a detailed look when applications request access to phone functions or information. Should you doubt that an application requires access to perform its job correctly, decline the petition. Users can also protect themselves by being vigilant on not opening anonymous links from SMS and chat programs, rather than downloading programs from third-party program shops. It is far better to be safe than sorry.”