Three quarters of mobile apps have a security vulnerability that could put your corporate data at risk. It’s a major reason why Timewatch doesn’t develop mobile apps that are downloaded onto a device. Instead, our products are browser-based. The reason is simple: web-based apps are more secure.
According to a report by ZDNet, three quarters of mobile applications have vulnerabilities relating to insecure data storage, leaving both Android and Apple iOS users open to cybervattacks that could allow hackers to steal sensitive information.
An alarming number of apps are critically insecure
The ZDnet story highlighted findings in a recent study by Positive Technologies titled Vulnerabilities and Threats in Mobile Applications 2019.
“Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue,” Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, was quoted as saying.
Why, when smart business users are moving to browser based apps, are people still using downloadable apps for phones and tablets when web apps provide more security? Arxan and ISSA.org estimate that 97 percent of paid apps have been hacked and 80 percent of free apps have been hacked. That is a lot of hacks and a reminder that your security is often in the hands of many third-party developers.
Mobile apps can compromise your company’s security guidelines
In a corporate environment this is a huge risk – an app that downloads data onto personal devices is outside of the reach of your company’s security guidelines. Individuals may have strong passwords on their phone. They also may not. Employees may lose devices and allow easy access to customer data – itself a breach of GDPR and other privacy rules.
“Additional vulnerabilities found in just under one in five of the tested applications include sensitive data being stored in the application source code and insufficient protection against cyber attacks using brute-force techniques,” said ZDNet.
Why web apps are better for your business security
In contrast, a web application loads nothing onto the device and all data and communication is encrypted via SSL. There is no security risk if the phone is lost, stolen, or hacked.
Click here (it’s safe!) for more information on secure Timewatch professional services products for your business.