UPDATED 09:00 EDT / NOVEMBER 05 2015

Checkmarx mobile security report finds iOS apps have more critical vulnerabilities than Android ones

Application security firm Checkmarx, Inc. has released a new mobile security report that turns a common misconception about mobile security on its head.

The State of Mobile Application Security 2014-2015 report, published in conjunction with Appsec Labs, tested hundreds of mobile applications of all types, including banking, utilities, retail, gaming and even security-oriented applications, for vulnerabilities and related security issues.

Its findings are arguably the stuff of nightmares: applications were found to have 9.041 vulnerabilities on average, representing what the report claims is a lack of developer awareness when it comes to application security and the implementation of secure coding best practices on mobile platforms.

While the 9.041 figure is an average, the report found that the risk was real and that almost all mobile applications were exposed to differing degrees.

The most interesting takeaway from the report, though, came from a comparison between iOS and Android apps. Its preface notes that it is a common myth that the iOS development platform is more secure than the Android equivalent, a belief held for several legitimate reasons: iOS has more restrictive controls over what developers can do, it enforces tight application sandboxing, and iOS applications are fully vetted before being released to customers, preventing malware from entering the Apple App Store.

It turns out this common myth (the emphasis is ours) is exactly that: a myth, a fantasy that has no basis in reality.

From the report:

In the field of pure application security where vulnerabilities are built in the code or into the application logic the story is quite different.

Our statistics show that the distribution of vulnerability exposed by severity is almost identical between iOS and Android Applications with a slightly higher percentage of critical vulnerabilities in iOS applications.

That last part needs to be repeated: iOS applications have a higher percentage of critical vulnerabilities than Android apps do.

Risks ahead

The report concludes with a note that we should expect an increase in major hacks via the mobile application vector in the short-term future unless the industry as a whole improves its secure coding practices.

Organizations are urged not to rely on external defense mechanisms alone and to integrate secure coding best practices into the development life cycle, particularly through the education of developers and the testing of application code, before it's too late or too expensive to make a change.

A full copy of the report can be downloaded from the Checkmarx site.
