HP: Mobile Apps Aren't Secure, Allow Access to Private Data
In a new study, Hewlett-Packard found that 97 percent of the mobile applications it scanned accessed private information on devices.Nearly all mobile applications present a risk to users, according to a new report from Hewlett-Packard's software division. In a study of 2,107 applications published by 601 companies on the Forbes Global 2000, HP found that 97 percent of the apps in some way accessed private information on the user's device. HP scanned applications to see which ones were accessing private information, and then tested the applications that accessed private information for security vulnerabilities, Maria Bledsoe, HP senior manager for product marketing, told eWEEK. "While some of these apps may have a legitimate reason to access private information, the addition of security vulnerabilities puts that private information at risk," Bledsoe said. The HP study found that 86 percent of mobile apps do not use proper binary protections, which can shield applications against memory overflow attacks and can also restrict the ability of attackers to reverse engineer code which could then potentially be exploited. Adding further insult to injury, HP's analysis indicated that 75 percent of the surveyed mobile apps do not properly leverage data-encryption techniques for user data. As to what techniques developers should employ, Bledsoe said that there are specific implementation options based on the mobile operating system version.
"The key point is that developers should use their operating system's recommended method of encrypting data as opposed to writing to the file system without encryption or using a custom implementation," Bledsoe said.