Study Find Glaring Lack Of Security In Mobile Apps


smart phone

If you have been blindly trusting your favorite banks and retailer with your financial information, think again. A recent study published by the Ponemon Institute and commissioned by IBM has found that nearly 50% of the mobile app makers spend zero dollars on testing and ensuring data security. This includes a number of Fortune 500 companies including those in the banking, retail, health and public sector industries.

For the study, IBM talked to nearly 400 large organizations who develop mobile apps and asked them about the levels of security testing that is conducted before the app reaches the hands of the consumers. Shockingly, nearly 40% of the respondents conceded that they do not perform any sort of test to scan the apps for cybersecurity vulnerabilities before making them available. 33% of the companies have never tested their apps.

Half of the surveyed businesses revealed that they have allocated zero budget to secure the apps that they have built for their customers. Another 67% of the respondents noted that their work policy permitted employees to freely download personal applications on their work devices – the same ones that these employees use to access highly confidential customer or business information.

Another study from Ponemon Institute had earlier predicted that close to 11.6 million devices are infected with mobile malware at any given time. The corresponding revenue loss has been pegged at $11 million. These numbers are a crucial reminder of the security threats posed by vulnerable mobile devices that customers have no control over.

Security testing for mobile apps is just one of the areas of concern. With the launch of iPhones (whose apps need to be developed and tested over the Mac computers), the security of Mac too has come under scrutiny. According to Trend Micro, a company that makes antivirus software for Mac, their software today protects their consumers against nearly 250 million threats every day. This is a sharp rise from the 50 million threats that the software worked against in 2008. As iPhones continue to play a dominant role in the smartphone industry, malware developers will continue to see Mac as an attractive platform to target for their malicious scripts.

A related study conducted by Flexera Software in association with IDC found that app developers are yet to establish any defining factors that may contribute to security risks. While nearly 71% of the participants the researchers talked to believed BYOD policies could be a strong challenge in tackling data security, close to 61% of the respondents conceded that they have not yet identified which of the app behaviors were risky – that is, apps that accessed social media accounts, or those that report back user data, etc.

The need of the hour is for businesses, at least the largest enterprises, to commission a full-scale project to identify the risks facing their companies in the area of mobile security. Proper studies and implementation of the security best practices could ensure that the security risks posing mobile app customers today can be brought down to a minimum. With smartphone adoption still on an upward trend, focus on mobile security today is paramount.