High Risk of Data Leaks in Mobile Apps
A recent study found that 90% of mobile applications carry a risk of personal data being leaked. This means that the vast majority of apps have at least one bug that can compromise user privacy.
The data may leak within the device being used or even over a network, making it vulnerable to hackers.
Mobile app testing engines are having to become more and more sophisticated to identify leaks; recent additions include the ability to check for GDPR violations.
The leak of PII (Personally Identifiable Information) is specifically covered by GDPR and can involve a multitude of data, including locations as well as usernames and passwords. It seems that many mobile apps routinely share this information as well as other device-related data such as serial numbers, MAC addresses or International Mobile Equipment Identity (IMEI) details. The risk is that most of this can be picked up online by hackers or others with malicious intent.
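As an added illustration (not code from the study or from any testing engine mentioned here), the following sketch shows how an automated check might flag the identifier types listed above in captured app output, and whether each one leaked on the device or over the network. The log format, host names, parameter names and sample lines are constructed assumptions.

```python
import re

# Identifier types named in the article; the patterns are this example's own.
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
IMEI_RE = re.compile(r"(?<!\d)\d{15}(?!\d)")
CRED_RE = re.compile(r"\b(username|password|passwd|pwd)=[^&\s]+", re.I)
GEO_RE = re.compile(r"\b(lat|lon|lng|latitude|longitude)=-?\d{1,3}\.\d+", re.I)

def luhn_ok(digits):
    """IMEIs end in a Luhn check digit; this filters out order ids and similar numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_line(line):
    """Return the kinds of PII found in one line; the values are never echoed back."""
    kinds = []
    if MAC_RE.search(line):
        kinds.append("mac")
    if any(luhn_ok(m.group()) for m in IMEI_RE.finditer(line)):
        kinds.append("imei")
    kinds += [m.group(1).lower() for m in CRED_RE.finditer(line)]
    if GEO_RE.search(line):
        kinds.append("location")
    return kinds

def channel(line):
    """Classify where the leak happened: over the network or within the device."""
    if "http://" in line:
        return "network-cleartext"
    if "https://" in line:
        return "network-tls"
    return "device-log"

def scan_capture(lines):
    """Return (line_no, channel, kind) for every finding in the capture."""
    return [(n, channel(l), k) for n, l in enumerate(lines, 1) for k in scan_line(l)]

# Constructed sample capture: two proxy-logged requests and two device log lines.
SAMPLE = [
    "GET http://api.example.test/track?imei=490154203237518&lat=51.5074&lon=-0.1278",
    "POST https://api.example.test/login username=alice&password=hunter2",
    "D/NetInfo: wifi mac=00:1A:2B:3C:4D:5E order=123456789012345",
    "I/App: screen rendered in 42 ms",
]

if __name__ == "__main__":
    for finding in scan_capture(SAMPLE):
        print(finding)
```

A check like this can fail a build when `scan_capture` returns any finding for a test run of the app.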
A study of mobile apps conducted last year indicated that 85% of mobile apps had issues with security, indicating that mobile apps are lagging behind the improvements in safety and speed seen in web apps.
Hackers realize they can gain far more by targeting mobile apps, and this is reflected in some high-profile cases of security breaches. In some cases around 150 million people were informed that their details had been stolen. Even large multinationals are at risk: Air Canada’s mobile app was breached, affecting the data of over 1.4 million people.
Mobile app security is harder to achieve than browser security because developers must specifically include code to integrate it. However, businesses need to tackle this issue, particularly since they are more and more reliant on their mobile apps.
One of the key changes needed is to make sure that DevOps creates processes to deal with the building, designing and security of mobile apps, and that the apps are continually tested throughout development. It should become automatic to include a higher level of security in the apps, based on the knowledge that they are increasingly vulnerable to breaches.