On average there are 9 vulnerabilities in each app

Nov 11, 2015 02:36 GMT

The myth of iOS being more secure than Android is being slowly eroded with each new security report released. The latest to take a swipe at Apple iOS' reputation is one from mobile security vendors Checkmarx and AppSec Labs.

After analyzing hundreds of Android and iOS applications, the two companies' security researchers say they found more security vulnerabilities ranked High and Critical in iOS products.

The percentage of vulnerabilities that researchers can label as High and Critical is 40% for iOS apps, but only 36% for Android applications.

Nine vulnerabilities for each tested mobile application

Researchers from the two companies analyzed hundreds of iOS and Android apps, ranging from simple games to complex financial and banking applications.

In their methodology, the two companies looked for security holes in the application's authentication procedures, handling of configuration files, cryptography practices, input validation, handling of personal data, and for issues that lead to DoS (Denial of Service) and information disclosure.

On average, researchers found 9.041 vulnerabilities for each of the tested applications, of which 13% were Critical, and 25% were High. This adds up to an average of 38%, with 3.435 high-critical vulnerabilities per tested app.

Most applications have problems with accidentally disclosing personal information

Most apps disclosed personal and sensitive information (27%) and had authorization and authentication problems (23%). At the other end of the spectrum, researchers found fewer vulnerabilities when it came to input validation (5%) and DoS-related issues (7%).

But these are general numbers relating to the total number of detected vulnerabilities. When it came to assessing the most dangerous types of security problems, authentication and DoS-related issues had the highest percentage of High-Critical vulnerabilities.

This means that whenever one of these types of vulnerabilities is discovered, there is a high chance that this bug is a severe one.

You can download the full "The State of Mobile Application Security 2014-2015" report from Checkmarx's website.
