High-risk vulnerabilities are common across both Android and iOS mobile apps, with Android devices slightly more at risk than their iOS counterparts (43% vs. 38%), according to Positive Technologies’ Vulnerabilities and threats in mobile applications report, released Wednesday.
Insecure data storage is the most common vulnerability found in mobile apps across both platforms, the report found, as 76% of all apps contain this flaw. In some cases, insecure data storage can allow hackers to steal passwords, financial information, personal data, and correspondence, according to the report.
SEE: Mobile device security: Tips for IT pros (free PDF) (TechRepublic)
Some 89% of the vulnerabilities found could be exploited by malware. While the risk of infection increases on jailbroken devices, attackers rarely need physical access to a victim’s phone, the report found. Instead, once on the victim’s device, the malware can ask for permission to access user data, and if that permission is granted, the malware can send data directly to the attackers.
“In 2018, mobile apps were downloaded onto user devices over 205 billion times. Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information,” Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said in a press release. “However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. Stealing data from a smartphone usually doesn’t even require physical access to the device.”
To protect devices and data, users should closely examine when apps request access to phone functions or data, and decline any requests to access unnecessary data, Galloway said. Users should also not open unknown links sent in texts or through chat apps, and not download apps from third-party app stores, she added.
For more, check out 10 dangerous app vulnerabilities to watch out for on TechRepublic.
Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.
Delivered Tuesdays and Thursdays
Image: iStockphoto/Suebsiri
