Insecure Data Storage in Mobile Applications Poses Security Issues

Insecure Data Storage in Mobile Applications Poses Security Issues

Users’ data might be more at risk than they realize. A new study shows that three quarters of mobile application have insecure data storage issues, putting passwords, financial information, personal data, and correspondence at risk.

  • By Kaitlyn DeHaven
  • Jun 24, 2019

Three quarters of mobile applications have vulnerabilities that could allow hackers to steal sensitive information from both Android and Apple users.

Researchers discovered and listed these insecure data storage problems in their report Vulnerabilities and Threats in Mobile Applications 2019.

According to the report, the most common issue in mobile applications is insecure data storage. 76 percent of mobile applications had insecure data storage, putting passwords, financial information, personal data, and correspondence at risk.

In addition, high-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications.

Users may not believe they are at risk unless their phone is physically stolen, but in reality, 89 percent of vulnerabilities can be exploited using malware, with no physical access needed.

The vulnerabilities have been classified as medium risk by researchers, but 29 percent of tested applications have been found to contain what has been classed as a high risk – insure interprocess communication.

Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, told ZDNet that since developers pay less attention to data insecurity, users must take steps to secure their own data.

“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue,” Galloway said. “We recommend that users take a close look when applications request access to phone functions or data. If you doubt that an application needs access to perform its job correctly, decline the request.”

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3