Insecure Data Storage in Mobile Applications Poses Security Issues

Insecure Data Storage in Mobile Applications Poses Security Issues

Users’ data might be more at risk than they realize. A new study shows that three quarters of mobile application have insecure data storage issues, putting passwords, financial information, personal data, and correspondence at risk.

Three quarters of mobile applications have vulnerabilities that could allow hackers to steal sensitive information from both Android and Apple users.

Researchers discovered and listed these insecure data storage problems in their report Vulnerabilities and Threats in Mobile Applications 2019.

According to the report, the most common issue in mobile applications is insecure data storage. 76 percent of mobile applications had insecure data storage, putting passwords, financial information, personal data, and correspondence at risk.

In addition, high-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications.

Users may not believe they are at risk unless their phone is physically stolen, but in reality, 89 percent of vulnerabilities can be exploited using malware, with no physical access needed.

The vulnerabilities have been classified as medium risk by researchers, but 29 percent of tested applications have been found to contain what has been classed as a high risk – insure interprocess communication.

Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, told ZDNet that since developers pay less attention to data insecurity, users must take steps to secure their own data.

“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue,” Galloway said. “We recommend that users take a close look when applications request access to phone functions or data. If you doubt that an application needs access to perform its job correctly, decline the request.”

About the Author

Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3