76% of mobile apps have flaws allowing hackers to steal passwords, money, and texts

Android apps have more critical vulnerabilities than iOS apps do, according to a Positive Technologies report.

Tips for developing a secure mobile app App security is essential. Here are some tips to make sure your new app endeavor is one users can trust.

High-risk vulnerabilities are common across both Android and iOS mobile apps, with Android devices slightly more at risk than their iOS counterparts (43% vs. 38%), according to Positive Technologies' Vulnerabilities and threats in mobile applications report, released Wednesday.

Insecure data storage is the most common vulnerability found in mobile apps across both platforms, the report found, as 76% of all apps contain this flaw. In some cases, insecure data storage can allow hackers to steal passwords, financial information, personal data, and correspondence, according to the report.

SEE: Mobile device security: Tips for IT pros (free PDF) (TechRepublic)

Some 89% of the vulnerabilities found could be exploited by malware. While the risk of infection increases on jailbroken devices, attackers rarely need physical access to a victim's phone, the report found. Instead, once on the victim's device, the malware can ask for permission to access user data, and if that permission is granted, the malware can send data directly to the attackers.

"In 2018, mobile apps were downloaded onto user devices over 205 billion times. Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information," Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said in a press release. "However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. Stealing data from a smartphone usually doesn't even require physical access to the device."

To protect devices and data, users should closely examine when apps request access to phone functions or data, and decline any requests to access unnecessary data, Galloway said. Users should also not open unknown links sent in texts or through chat apps, and not download apps from third-party app stores, she added.

For more, check out 10 dangerous app vulnerabilities to watch out for on TechRepublic. 

Also see

system integrity working while other pass down. hand holding mobile phone with padlock icon on blue binary code screen. Error message in computer screen in the background.

Image: iStockphoto/Suebsiri

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.