There is a wide disparity between consumer confidence in the level of security incorporated into mobile health and finance apps and the degree to which organizations address known application vulnerabilities.
That was one of the findings of a report based on 126 mobile health and finance apps, which was conducted by Arxan Technologies.
A combined 84 percent of mobile app users and mobile app executives believe that their mobile health and finance apps are adequately secure, and 63 percent believe that app providers are doing everything they can to protect their mobile health and finance apps.
“It was most surprising to discover that 80 percent of app users said they would change providers if they knew their apps were not secure,” Patrick Kehoe, chief marketing officer at Arxan, told eWEEK. “In addition to organizations needing to bake in robust security into their mobile apps in order to help mitigate security risks, they should be wanting to incorporate effective security measures in order to help attract and retain customers.”
The survey revealed 82 percent of app users said they would change providers if a similar provider offered a more secure mobile app.
“When it comes to application development, speed to market tends to be the top priority for many organizations,” Kehoe said. “Some level of security is usually incorporated into the mobile apps, but clearly not enough is being done, since 90 percent of the apps tested had at least two of the top 10risks.”
In addition, 98 percent of the mobile apps tested lacked binary protection– the most prevalent security vulnerability identified—and 83 percent of the mobile apps had insufficient transport layer protection.
“We are seeing select organizations that have a good handle on the risks and are taking best practice security approaches to implement robust security into their mobile apps,” Kehoe said. “However, this is just not yet common practice – and it should be. To better protect themselves, consumers should only download apps from authorized app stores, protect the integrity of their mobile devices by not jailbreaking or rooting them, and become advocates for mobile app security certification and risk transparency.”
Kehoe also noted the continued advancement of mobile and IoT technologies will increase the attack surface for hackers, who are already capitalizing on – and counting on — their weaknesses.
“Applications that were once in the data center behind firewalls and other perimeter security are now moving out into the wild,” he said. “As a result, attacks on applications during run-time will increase in frequency, scale, and sophistication. Run-time application self-protection will become standard for organizations pushing mobile apps into the wild because security must follow the application no matter where it goes.”