Study Predicts Over 75% Mobile Apps Will Fail Basic Security Tests Through 2015
By Paul Liu
Tuesday, January 27th, 2015

According to a report published by the research firm Gartner, a large majority of mobile apps are set to disappoint on the security front right up to the end of the next year. The firm analyzed the magnitude of the threat and concluded that over 75% of mobile apps available in the Apple, Android and Windows app stores would fail to meet even basic security criteria by the end of 2015. The report is set to draw attention to the dangers posed by mobile ecosystems, and it may even force businesses to revisit their mobile security strategies.
In the last few years, a lot of businesses have made the transition to mobile ecosystems. That’s why it is not uncommon these days to see enterprises encouraging the use of personal mobile devices for official work. The Bring Your Own Device (BYOD) style of working, also known as Bring Your Own Technology (BYOT), encourages employees to finish official work at their own convenience, boosts productivity and cuts infrastructure costs for companies. The downside of switching to BYOD is that companies have to deal with far more security challenges than a closed networked environment presents.
In its report, Gartner states that employees participating in BYOD often use third-party apps to do their official work. Such apps are freely available on app stores and often come with little to no security assurance. So it is possible for a rogue third-party app to access enterprise data and perform business functions without authorization. Also, since apps created by different developers follow different sets of security standards, they may violate the security guidelines laid down by the enterprise.
Discussing the results published in the report, principal research analyst Dionisio Zumerle said that businesses migrating to BYOD would remain vulnerable to such threats until they have a solid risk assurance and mobile application security testing strategy in place. While acknowledging that most enterprises do not have sufficient experience in the mobile application security landscape, he revealed that even when such tests are conducted, they are geared more towards testing the functionality of the apps than evaluating their security.
Zumerle stated that since more than 90% of businesses use third-party commercial apps to facilitate BYOD, the application security testing phase should focus on checking whether a particular app meets the company's security guidelines rather than trusting what the app developer advertises. He also stressed the need to conduct behavioral analysis tests for mobile apps in addition to running standard static application security testing (SAST) and dynamic application security testing (DAST). Zumerle advised enterprises and employees to use only those mobile apps that conform to security guidelines and pass security tests.
In the report, Gartner also predicted that by 2017, 75% of security breaches occurring on mobile devices would be a result of app misconfigurations rather than pure technical attacks. To protect themselves from such threats, the firm advised businesses to use solutions that focus on data protection through app containment.