While 84% of consumers and IT execs believe mobile health apps are secure, 90% test positive for two critical security risks, according to Arxan Technologies research
Concern has been raised over mobile health apps after new research revealed most test positive for critical security problems.
Arxan Technologies has published its 5th Annual State of Application Security Report based on the analysis of 126 popular mobile health and finance apps from the US, UK, Germany, and Japan, as well as a study examining security perspectives of consumers and app security professionals.
And the results reveal a wide disparity between consumer confidence in the level of security incorporated into mobile health and finance apps and the degree to which organisations address known application vulnerabilities.
While the majority of app users and app executives believe their apps to be secure, nearly all the apps Arxan assessed, including popular banking and payment apps and regulatory body-approved health apps, proved to be vulnerable to at least two of the top 10 serious security risks.
The research findings included:
Of the health-specific apps tested, those approved by regulatory/governing bodies are just as vulnerable as other mobile apps. 80% of the apps tested that were approved by the NHS did not adequately address at least two of the OWASP Mobile Top 10 Risks.
Android apps were shown to be more secure than iOS apps. 59% of the Android mobile finance apps tested had at least three OWASP Mobile Top 10 Risks, whereas 100% of the iOS apps tested had at least three top risks. In its research, Arxan found few geographical discrepancies in mobile app security across the US, UK, Germany, and Japan, and iOS apps were shown to be at least as vulnerable as Android apps.
Most of the mobile health apps were susceptible to application code tampering and reverse-engineering. 100% of the apps approved by the NHS lacked binary protection, which could result in privacy violations, theft of personal health information, and tampering.
“Mobile apps are often used by organisations to help keep customers ‘sticky,’ yet in the rush to bring new apps to market, organisations tend to overlook critical security measures that are proving crucial to consumer loyalty,” said Patrick Kehoe, chief marketing officer at Arxan Technologies.
“Our research in Arxan’s 2016 State of App Security Report demonstrates that mobile app security is an important element in customer retention. Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organisations differentiate from the competition and to achieve customer loyalty based on trust.”