Most Health and Financial Mobile Apps Are Rife With Vulnerabilities by Tara Seals.
From the post:
When it comes to mobile app security, there appears to be a disparity between consumer confidence in the level of security incorporated into mobile health and finance apps, and the degree to which those apps are actually vulnerable to common hack techniques (code tampering and reverse-engineering). In turn this has clear implications for both patient safety and data security.
According to Arxan Technologies’ 5th Annual State of Application Security Report, the majority of app users and app executives believe their apps to be secure. A combined 84% of respondents said that the offerings are “adequately secure,” and 63% believe that app providers are doing “everything they can” to protect their mobile health and finance apps.
Yet, nearly all of the apps that Arxan assessed, (90% of them in fact, including popular banking and payment apps and government-approved health apps), proved to be vulnerable to at least two of the Open Web Application Security Project (OWASP) Mobile Top 10 Risks, which could result in privacy violations, theft of customer credentials and other malicious acts, including device tampering.
…
I’m not proud, I’ll admit to being surprised.
I thought 100% of banking, payment and health care apps would be found to be vulnerable.
Perhaps the 90% range was just on cursory review.
Seriously.
After decades of patch-after-vulnerability-found, with no financial incentives to change that practice, what did you expect?
The real surprise for me was anyone thinking off-the-shelf apps were secure at all. Ever.
Such users are not following the news or have a crack pipe as a security consultant.