Mobile apps still not secure for storing personal data says ViaForensics

According to the Chicago-based firm's report, it ran a series of tests between November of last year and June of this, and covered iPhone and iPad apps, as well as Android apps, in the financial, social networking, productivity, and retail software markets.

“At ViaForensics we believe in proactive forensics - applying the power of forensic methods pro-actively to improve digital security. With appWatchdog we utilise forensic techniques to investigate consumer mobile apps and understand what user data is stored and could be at risk”, says the report.

According to the report, smartphones today handle a great quantity of private and sensitive data, in a highly portable, network-connected mobile computer. The data stored and transmitted can include security credentials, personal financial information, private communications, sensitive company data and more.

The appWatchdog tests, says the paper, focus on what is stored on the device, and smartphone apps handle user names, passwords and private app data, all of which should be stored securely or not at all.

“In the event of a lost device or malware infection, data stored insecurely can be compromised”, says the analysis, adding that other aspects of mobile app security including secure communications, coding practices and resistance to malicious attacks are also very important.

The report concludes that it perfectly possible to create secure mobile applications and avoid insecure storage of sensitive user data, and that the firm has noticed a trend toward providing more secure applications, but further progress is needed as the usage of smartphones increases - along with the quantity of sensitive data handled.

“Consumers should be aware and demand secure apps from their service providers. Companies should recognise the risk to their customers and their brands presented by the growing threats on mobile devices. The ideal outcome is for app providers to develop higher competency in mobile app security”, the report notes.

What’s Hot on Infosecurity Magazine?