New research by analysts at Gartner shows that more than 75 per cent of mobile apps are set to fail basic security tests by 2015.
This is a particular worry for enterprises as employees may download software from app stores. These apps offer minimal or no security assurances but are able to access sensitive business data and violate company security policy.
"Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance," says Dionisio Zumerle, principal research analyst at Gartner. "Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security".
Existing security vendors will need to modify their approach and their products in order to adapt to these new threats. As well as testing the client layer - the app on the mobile itself - there's also a need to look at the server layer. Code and user interfaces of server-side applications need to be tested to ensure that data isn't leaked.
"Today, more than 90 per cent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied," says Zumerle. "App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialised application security testing vendors".
Looking further ahead to 2017, Gartner predicts that the focus of security breaches will have shifted to tablets and smartphones. Already it says there are three attacks on mobile devices for every one on a desktop.
It also expects that by 2017 misconfiguration of apps rather than actual attacks will account for 75 per cent of mobile breaches. Gartner recommends that enterprises focus on data protection on mobile devices by employing usable and efficient solutions like application containment.
The outlook for mobile security will be discussed at a Gartner Security & Risk Management Summit taking place 15-16 September in Dubai.