A majority (90 percent) of mobile finance and health apps contain two crucial security risks, however 84 percent of IT executives and consumers feel their apps are secure.
Arxan's fifth annual State of Application Security Report research examined 126 popular mobile health and finance apps from the UK, US, Germany, Japan and a study analysing the security views of consumers and app security professionals. Nearly all of the apps that Arxan evaluated proved to be vulnerable to at least two of the top 10 serious security risks.
Almost all (98 percent) of the mobile apps tested had insufficient binary protection—thus could result in tampering with application code, reverse-engineering, data theft and violations of privacy. Eighty three percent of the apps lacked transport layer protection. The vulnerabilities could also cause a health app to be reprogrammed and send a lethal dose of medicine or a finance app to redirect a money transfer.
Eighty percent of consumers would change providers knowing that their apps weren't secure.
The study found that mobile health apps approved by governing bodies such as the US FDA or UK NHS are as vulnerable as other mobile apps. Most mobile health apps were found exposed to application code tampering and reverse-engineering. All top mobile banking and payment apps evaluated had at least one OWASP Mobile Top 10 Risk. Android apps were discovered to be more secure than iOS apps.
Minimal geographical conflicts were discovered in mobile security apps from the UK, US, Germany and Japan. iOS apps were shown to be at least as vulnerable as Android apps.
“Our research in Arxan's 2016 State of App Security Report demonstrates that mobile app security is an important element in customer retention. Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organisations differentiate from the competition and to achieve customer loyalty based on trust,” said Patrick Kehoe, CMO of Arxan Technologies.