Are Mobile Apps secure?

Mobile apps are probably not as secure as you believe. Based on a research done by IBM along with Ponemon Institute, a lot of organizations are not doing much to protect on possible cyber security breaches for the applications they build.

Based on the Ponemon study, out of the 400 companies or more, nearly 40% are usually not scanning their mobile application code for the possible security vulnerabilities prior to the apps being made available for the users. On the other hand, around 30% of those companies, from which nearly 40% are in more than 500, don't test their applications at all, whereas 50% usually are not planning any kind of their budgets for securing apps. Larry Ponemon, the chairman and the founder of Ponemon Institute, had written in an article for IBM's Security Intelligence blog that however we have done a great job securing our computers and the servers which have usually stored our sensitive information; we have been neglecting to dedicate similar focus on our mobile apps. As a result the cyber criminals are usually waking up to grab the opportunity.

There is an increasing pressure on the mobile app development teams for rapidly building and deploying code. For instance, 65% of the companies accept that the security of their applications is usually put at stake due to their customer demand and their need, and 77% reported that the pressures of rush-to-release being the main reason why mobile apps have vulnerable code. The research findings have ramifications for the businesses, as well. With the increase in the number of employees making use of mobile devices and the applications in the office, the security issues to a company’s data will also be increasing. For instance, 67% of companies permit employees for downloading unverified, personal applications to work devices, which may leave the company’s data at the risk of attack.

In case you are employed in a smaller sized company which doesn't have sufficient security measures, you may affect other users with malware as well. Mobile Security Report of McAfee in 2014, mentioned that 82 percent of the mobile applications monitor whether the device is switched on, and device’s current location and the last location while Wi-Fi or the data networks are being used. Based on another report from a research firm Gartner Inc., over 75% of mobile apps would likely fail basic security tests by 2015.

Android seems to be a bigger target for the malware. As stated in a study report by cyber security firm F-Secure, Android remains the “favored” targeted platform for most of the mobile malware. Although the threats are also aimed at iOS but it is fewer when compared to Android. According to Eurecom Technicolor Research, a lot of apps in Google Play usually get connected to destinations which are not necessary for the functioning of an app, and most of this communication is totally unknown to the users. The Eurecom researchers came to the conclusion that there's a need to have better transparency in network interaction for mobile applications over app stores.

A report by McAfee Labs, a unit of Intel Security, suggests downloading only the highly rated apps and popular apps from reliable sources, recognized companies or maybe from trusted marketplaces such as Google Play. The report figured that poor programming methods from the software developers expose the users on to a number of vulnerabilities, because of that all communication within the apps as well as their websites, consisting of usernames and the passwords, are likely viewable by the cyber criminals.

The rapid growth of mobile devices leads to more use of mobile apps. Due to this, sensitive and personal data is getting stored in our mobile devices. Mobile devices provide an extensive attack surface and the methods of attack are quite increasing. The security solutions which proved helpful for traditional computing like laptops and workstations simply don’t transform to mobile.

Mobile security continues to be a major concern these days. Android has often experienced strong criticism for the security concerns and malware. In the last version that is Android Lollipop, the company claimed that they have got the best security in place now. Even though the numbers have now been increasing with each update, still it has to do a lot of improvements to provide an absolutely secured platform for the mobile devices.

Apart from providing mobile app development services, Mindfire ensures that its clients provide secure mobile apps to their customers by practicing stringent mobile app testing methods. They make use of several app testing frameworks like Appium, Robotium etc. to ensure the mobile app are failsafe.