40% Mobile Apps not safe for handling data: Indusface Mobile Application Security Survey
Indusface, an application security solutions providers for web and mobile applications, recently conducted a survey on the 'State of Mobile Application Security in India' across a set of enterprises where it found that as much as 40% of mobile application vulnerabilities detected are related to unsafe handling of data. While sectors like BFSI and E-commerce that conduct a large part of their business over mobile and web are already taking proactive measures to protect their data transactions, others that are becoming more mobile-enabled also need to focus more on mobile app security, suggests the study.
The Indusface Research Team conducted an in-depth testing around the Top 10 mobile vulnerabilities listed by OWASP and found that 23% of mobile apps suffered from insecure data storage vulnerability, 17% of mobile apps were suffering from unintended data leakage vulnerability and 10% suffered from weak server side controls. The team tested more than 100 mobile applications across a set of Indian companies and detected 21K vulnerabilities. This shows that enterprise mobile apps are extremely vulnerable to data leaks, stated the report.
Ashish Tandon, Chairman and CEO, Indusface said, "The phenomenal increase in mobile usage has also increased the risk of vulnerabilities. Almost all the mobile apps we use today have access to all the data on a user's phone, including business data, which can be extremely risky. Therefore, it has become critical for businesses to focus in a big way on mobile app security and find ways to protect their business critical information."
An interesting finding of the survey was related to vulnerability of mobile apps on Apple iOS as against Android. Although a majority of security breaches and hacking incidents reported in the past have been on Android apps, Indusface Research Team discovered that some of the critical mobile apps on Apple iOS could actually be more vulnerable to security threats. According to the survey, while the high level vulnerabilities were divided equally (50%) between the two operating systems, among the critical ones Apple iOS was found to be much more vulnerable at 67% in comparison to Android which stood at 33%.
The other key findings of the survey were related to degrees of vulnerability, specific apps and level of preparedness among enterprises, particularly in the E-commerce and BFSI sectors that are heavy users of mobile and web applications.
Tandon explained further, "Protecting mobile applications could be tougher than protecting web applications due to their greater diversity and evolving operating systems. At Indusface, we follow a hybrid mobile application testing approach wherein we do a complete security assessment using a combination of IndusGuard Mobile scanner and manual security intelligence."
Indusface's mobile solution, IndusGuard Mobile, is targeted at Enterprises and App Stores to help them in conducting in-depth security tests of their mobile applications before permitting them into their business ecosystem.