May 27, 2017

Study Suggests a Large Majority of Mobile Apps Fail Basic Security Tests

In general, we shouldn’t consider mobile apps particularly secure for the foreseeable future. That is, if Gartner is correct in its latest analysis.

The firm said this week that over 75% of mobile apps will fail basic security tests through 2015. This is not particularly comforting for businesses.

Gartner notes that enterprise employees download apps from app stores and use mobile apps that can access enterprise assets or perform business functions, and that these apps have “little to no security assurances”.

“Enterprises that embrace mobile computing and bring your own device (BYOD) strategies are vulnerable to security breaches unless they adopt methods and technologies for mobile application security testing and risk assurance,” said Dionisio Zumerle, principal research analyst at Gartner. “Most enterprises are inexperienced in mobile application security. Even when application security testing is undertaken, it is often done casually by developers who are mostly concerned with the functionality of applications, not their security.”

“Today, more than 90 percent of enterprises use third-party commercial applications for their mobile BYOD strategies, and this is where current major application security testing efforts should be applied,” said Zumerle. “App stores are filled with applications that mostly prove their advertised usefulness. Nevertheless, enterprises and individuals should not use them without paying attention to their security. They should download and use only those applications that have successfully passed security tests conducted by specialized application security testing vendors.”

Gartner looks even further into the future, and says that by 2017, the focus of endpoint breaches will shift to tablets and smartphones. Through that year, it predicts, over 75% of mobile security breaches will be the result of mobile app misconfigurations as opposed to “deeply technical” attacks.

Chris Crum is a staff writer for SecurityProNews and WebProNews.