Report | How secure are the most widespread mobile applications?

Posted by The Pradeo Lab on August 26, 2019
 
This security report presents how secure mobile applications are, according to the industry they belong to. It delivers statistics showing that even in the most sensitive sectors, leaky applications are extremely common, at the expense of data privacy. The results it features help to better understand the most widespread app threats and should help orient security strategies accordingly.



Applications are the first vector of attacks on mobile. In the corporate environment, where nearly 100% of the workforce uses a mobile device for work-related purposes, applications are endangering data privacy. To ensure apps don't cause a breach, it is necessary to audit them in a way that provides enough detail to draw an accurate conclusion on their security level. To do so, three main angles have to be analyzed: behaviors, network communications and code vulnerabilities. Overall, the thoroughness and accuracy of the audit are important to eliminate false positives.

 


 

First, identifying all the behaviors an application is programmed to perform, rather than only looking at the permissions it requests, provides a clear view of what its true intention is. For example, this behavioral analysis enables companies to forbid the usage of some apps that plan to exfiltrate their data, before they do it.

Secondly, when the behavioral analysis shows signs of data sent over the network, which is almost always the case, examining the safety of these communications will determine how easily they can be intercepted.

Finally, detecting all the vulnerabilities embedded within the code of an application makes it possible to determine whether it will resist compromise attempts. The vulnerability list used for the detection needs to draw on, at least, the biggest global mobile app vulnerability databases for the analysis to be reliable.


This report gathers the results of hundreds of mobile application security audits performed by the Pradeo Security engine. It addresses the most downloaded apps in the following activity sectors: IoT, Shopping, Airline, Bank, Gaming, Tool, Health, and features:

  • Data sent over the network
  • Security status of network communications
  • Code vulnerabilities

 


 
