Health And Finance Mobile Apps Riddled With Security Issues

A large number of leading health and finance mobile applications are shipping with severe security vulnerabilities that put their users at risk, according to new research.

Security firm Arxan found that 90 percent of apps carried at least two of the leading ten security vulnerabilities, including such flaws as data leakage, insecure storage, and broken cryptography.

Secure?

The findings, included in Arxan’s fifth Annual State of Application Security Report, tested 126 popular apps around the world, finding that many lacked the necessary protection to keep their users safe.

Overall, 98 percent of the mobile apps tested lacked binary protection, with 83 percent also having insufficient transport layer protection, flaws which could result in application code tampering, reverse-engineering, privacy violations, and data theft.

These vulnerabilities could also allow criminals to reprogram health apps to deliver an unsafe amount of medication, or authorise a large monetary transfer in financial apps.

The report also found that Android apps were more secure than their iOS counterparts, as 59 percent of the mobile finance apps tested for the former had at least three major risks, whereas 100 percent of the iOS apps tested had at least three top risks.

The flaws exist despite many of the developers of the apps included in the research believing that their products were secure. The report found that 84 percent of mobile app users and mobile app executives believed their mobile health and finance apps were “adequately secure,” and 63 percent thinking that app providers are doing “everything they can” to protect their mobile health and finance apps.

“Mobile apps are often used by organisations to help keep customers ‘sticky,’ yet in the rush to bring new apps to market, organisations tend to overlook critical security measures that are proving crucial to consumer loyalty,” said Patrick Kehoe, chief marketing officer of Arxan Technologies.

“Our research in Arxan’s 2016 State of App Security Report demonstrates that mobile app security is an important element in customer retention. Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organisations differentiate from the competition and to achieve customer loyalty based on trust.”

Are you a security pro? Try our quiz!