Insecure Data Storage in Mobile Applications Poses Security Issues
Users’ data might be more at risk than they realize. A new study shows that three quarters of mobile application have insecure data storage issues, putting passwords, financial information, personal data, and correspondence at risk.
- By Kaitlyn DeHaven
- Jun 24, 2019
Three quarters of mobile applications have vulnerabilities that could allow hackers to steal sensitive information from both Android and Apple users.
Researchers discovered and listed these insecure data storage problems in their report Vulnerabilities and Threats in Mobile Applications 2019.
According to the report, the most common issue in mobile applications is insecure data storage. 76 percent of mobile applications had insecure data storage, putting passwords, financial information, personal data, and correspondence at risk.
In addition, high-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications.
Users may not believe they are at risk unless their phone is physically stolen, but in reality, 89 percent of vulnerabilities can be exploited using malware, with no physical access needed.
The vulnerabilities have been classified as medium risk by researchers, but 29 percent of tested applications have been found to contain what has been classed as a high risk – insure interprocess communication.
Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, told ZDNet that since developers pay less attention to data insecurity, users must take steps to secure their own data.
“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue,” Galloway said. “We recommend that users take a close look when applications request access to phone functions or data. If you doubt that an application needs access to perform its job correctly, decline the request.”
Kaitlyn DeHaven is the Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.