Monday, December 12, 2016

Mobile Application Security in 2016

How safe is your app? And how do you feel about the security of the apps you install? Are companies doing everything they can to protect you? Arxan recently published its 5th annual State of Application Security report, which takes an in-depth look at the security of some of the most popular mobile health and mobile finance applications available.

They found a huge discrepancy between consumers’ beliefs about the level of security built into these apps and the degree to which developers of these apps actually address known application vulnerabilities. For example, 83% of the app users surveyed feel their applications are adequately secure, yet 90% of the applications tested were vulnerable to at least 2 of the OWASP Mobile Top 10 Risks. Here are some of the research findings.

PERCEPTION OF SECURITY: 1,083 individuals were surveyed in the US, UK, Germany and Japan. 268 were IT executives with security oversight or insight into the mobile health and/or finance apps they produce. 815 were consumers that use mobile health or mobile finance apps.


(video is a reference; not part of Arxan study)
REALITY OF SECURITY: 126 of the most popular mobile health and finance apps from the US, UK, Germany, and Japan were tested for security vulnerabilities using tools from Mi3.[1] Apps approved by regulatory or governing bodies were also included in the security assessment.

90% OF 126 MOBILE APPLICATIONS TESTED WERE VULNERABLE TO AT LEAST 2 OF THE OWASP MOBILE TOP 10 RISKS.
84% OF FDA-APPROVED APPS AND 80% OF APPS FORMERLY APPROVED BY THE NHS WERE VULNERABLE TO AT LEAST 2 OWASP MOBILE TOP 10 RISKS.
98% OF APPS TESTED LACKED BINARY CODE PROTECTION AND COULD BE REVERSE-ENGINEERED OR MODIFIED.
84% OF APPS TESTED HAD POOR TRANSPORT LAYER PROTECTION AND COULD LEAD TO DATA AND IDENTITY THEFT.
>80% OF APP USERS WOULD CHANGE PROVIDERS IF THEIR APP IS KNOWN TO BE VULNERABLE OR IF A SIMILAR APP WAS MORE SECURE.
50% OF ORGANIZATIONS HAVE ZERO BUDGET ALLOCATED TO PROTECTING MOBILE APPS.


RECOMMENDATIONS
FOR APP EXECUTIVES:
SET YOUR SECURITY BAR ABOVE THE REGULATIONS
STRENGTHEN YOUR WEAKEST LINKS
MAKE SECURITY YOUR COMPETITIVE ADVANTAGE
FOR APP USERS:
ONLY DOWNLOAD APPS FROM AUTHORIZED SOURCES
DON’T JAILBREAK OR ROOT YOUR DEVICES
DEMAND TRANSPARENCY OF YOUR APP’S SECURITY



Originally posted 2016-02-03 21:34:19. Republished by Blog Post Promoter

The post Mobile Application Security in 2016 appeared first on Information Technology Blog.



from Information Technology Blog http://ift.tt/1ULt3SG
