Mobile applications have become increasingly popular in recent years. As broadband speeds and data storage limits increase, so does the number of mobile apps developed and downloaded. While many people don’t think about the security risks, there is a potential that downloading mobile apps could compromise personal information and private data.
The most widely used apps were found to have several security, storage and authorization weaknesses, according to mobile data security and management company Wandera. Many mobile applications failed to use secure data storage to protect personally identifiable information.
The Apple App Store was no exception with vulnerabilities detected in open source platforms allowing cyber criminals to modify apps via backdoors. In addition, “Trojan apps” were discovered phishing for users’ Apple username and password. Google Play also is not immune to cyber attackers. PhishLabs, a company that provides anti-phishing services, found 11 phishing applications that were posing as legitimate apps for popular online payment services.
Apple is working hard to remove infected apps as they are discovered and Google now reviews all submissions using a combination of manual and automated security testing processes. Yet, cyber attackers continue to find ways around security walls. There remains a gap between the time malware infiltrates to when it is detected and removed, allowing damage to be done.
“Security is an essential concern when it comes to mobile app development and it should not be sacrificed for the sake of speed and convenience,” said Eldar Tuvey, CEO of Wandera.
Malicious software can be easily mistaken as a real brand’s application. Users may think they are accessing their online payment accounts securely, when really they are entering their logon credentials and personal data to a fake app that immediately sends the information to the cyber attacker. Companies warn individuals not to download apps from unofficial third-party mobile application stores.
Some companies are now creating security programs specifically for apps and mobile devices. However, many companies are not investing enough in mobile security which is putting sensitive data at risk. App enterprises and developers need a faster and easier way to identify and remove infected apps.