Commentary

App Security Fairly Well Blows, IBM Finds

Mobile app security is pretty abysmal, according to a new study by IBM and Ponemon, based on a survey of the security practices of over 400 large organizations that use consumer-facing mobile apps or develop them for other companies. No surprise, a large part of the problem is due to companies rushing apps to the marketplace before proper vetting, simply to keep pace with roaring consumer demand.

Overall, companies devote just 5.5% of their app development budgets to app security, on average -- but it gets worse, as half the companies allocated precisely zero dollars in their budget to securing their mobile apps. Alarmingly, 40% of the companies studied don’t scan the code in their mobile apps for security vulnerabilities. On average, the companies surveyed security-test less than half of the mobile apps they build, and 33% don’t test them at all.

The main reason for all this sucky security is the need for speed, with 65% of companies surveyed admitting that their mobile app security is negatively impacted by customer demands, and 77% blaming rushed production. At the same time, just 41% of companies surveyed said they have enough expertise in mobile app security.

IBM estimated that, partly as a result of this laxity, around one billion personal data records were compromised by cyber-attacks in 2014, while 11.6 million mobile devices are infected with mobile malware at any given time.

Last month IBM released the results of a security survey focused on popular dating apps. Among other things, the survey found that 60% of leading dating apps have vulnerabilities that put application data and other data stored on devices at risk. Some of the vulnerabilities identified would allow hackers to gain access to a smartphone’s camera or microphone even when the dating app isn’t open, allowing them to eavesdrop on personal conversations or private business meetings.
