Biggest business apps fail at protecting user data

Mobile data security and management firm Wandera has put 10 most popular business mobile apps to the test, and basically – they’re all pretty much completely unsecure. Main vulnerabilities these apps have include ‘insecure data storage, insufficient transport layer protection, lack of binary protections and poor authorisation and authentication’.

The security researchers didn’t say which apps were tested, but it did say that these 10 combined have been downloaded 1.4 billion times from the Google Play store, and fall into the top 0.05 per cent of all published apps on the Apple App Store.

The applications’ security features have been put to the test, using the Open Web Application Security Project (OWASP) Mobile Security Risks as a foundation.

Basically, all apps are vulnerable to at least three of the OWASP 10 mobile risks, including two fundamental issues: data storage security and data transport security.

The report also says they’ve all failed to use secure data storage, and have at least five, out of 28 weaknesses they were tested for.

Just one uses Certificate Pinning (albeit poorly), meaning nine were vulnerable to man-in-the-middle attacks, and eight out of ten allow the use of weak passwords.

“In our increasingly mobile world, enterprises need to gain complete visibility in order to maintain control of their mobile data, ensure compliance and prevent mobile security threats,” comments Eldar Tuvey, CEO of Wandera. “Security is an essential concern when it comes to mobile app development and it should not be sacrificed for the sake of speed and convenience.”

The report says businesses should carefully approach mobile security, and make sure all devices are protected, regardless of if they’re on corporate premises or not. According to Wandera, data leaks from poorly designed apps, and these vulnerabilities might lead to more targeted cyber-attacks.

Image Credit: Sergey Nivens / Shutterstock