Android finance apps more secure than iOS apps

Jan 18, 2016 18:04 GMT

The overall security level of mobile applications in the health and financial & payment sectors is quite alarming, even for government-tested and government-approved applications, a recent report by Arxan reveals.

Analyzing the security of over 126 mobile applications, and gathering survey answers from 1,083 individuals from the US, the UK, Germany, and Japan, Arxan discovered a big difference between what users perceive to be a safe application and how secure the application really is.

The study reveals that 90% of the tested applications were exposed to at least two of the OWASP Mobile Top 10 vulnerabilities. Of the health apps, 84% were approved by the US FDA (Food and Drug Administration) and 80% by the UK NHS (National Health Service). Among the finance & payments mobile apps, 92% were also susceptible to at least two of the OWASP Mobile Top 10 vulnerabilities.

Overall, 98% of the apps lacked binary code protection, meaning they could be easily reverse engineered, and 84% of the apps did not use encryption to transfer and safeguard sensitive information.

Health apps more secure than finance apps, but not secure enough

Broken down by sector, the numbers are troubling because they're worse for the financial sector, where criminals can use the lack of security features to intercept and alter money transfers. For health apps, the percentages are 97% (lacked binary code protection) and 79% (lacked encryption), while for the financial sector they were 98% and 91%, respectively.

Additionally, 50% of the surveyed organizations said they don't have a budget allocated to boosting mobile app security, which is why 46% of them also admitted they expect to be hacked in the coming six months.

Furthermore, the study found that, surprisingly, Android banking apps are much more secure than their iOS counterparts. In numbers, 59% of the Android apps were vulnerable to at least three OWASP Mobile Top 10 vulnerabilities, while 100% of the tested iOS apps had at least three OWASP Mobile Top 10 vulnerabilities.

You can read more in Arxan's fifth annual State of Application Security Report. There are also special editions for health and finance applications.
