UPDATED 09:00 EDT / NOVEMBER 05 2015

Checkmarx mobile security report finds iOS apps have more critical vulnerabilities than Android ones

Application security firm Checkmarx, Inc. has released a new mobile security report that turns a common misconception about mobile security on its head.

The State of Mobile Application Security 2014-2015 report, published in conjunction with Appsec Labs, tested hundreds of mobile applications of all types, including banking, utilities, retail, gaming and even security-oriented applications, for vulnerabilities and related security issues.

Its findings are arguably the stuff of nightmares: applications were found to have 9.041 vulnerabilities on average, representing what the report claims is a lack of developer awareness when it comes to application security and the implementation of secure coding best practices on mobile platforms.

While the 9.041 figure is an average, the report found that the risk was real and that almost all mobile applications were exposed at differing levels.

The most interesting takeaway from the report, though, came via a comparison between iOS and Android apps. Its preface notes that it is a common myth that the iOS development platform is more secure than the Android equivalent, a belief held for several legitimate reasons: iOS has more restrictive controls over what developers can do, it enforces tight application sandboxing, and iOS applications are fully vetted before being released to customers, preventing malware from entering the Apple App Store.

It turns out this common myth (the emphasis is ours) is exactly that: a myth, a fantasy that has no basis in reality.

From the report:

In the field of pure application security where vulnerabilities are built in the code or into the application logic the story is quite different.

Our statistics show that the distribution of vulnerability exposed by severity is almost identical between iOS and Android Applications with a slightly higher percentage of critical vulnerabilities in iOS applications.

That last part needs to be repeated: iOS applications have a higher percentage of critical vulnerabilities than Android apps do.

Risks ahead

The report concludes with a note that we should expect an increase in major hacks via the mobile application vector in the short-term future unless the industry as a whole improves its secure coding practices.

Organizations are urged not to rely on external defense mechanisms alone and to integrate secure coding best practices into the development life cycle, particularly through the education of developers and through application code testing, before it's too late or too expensive to make a change.

A full copy of the report can be downloaded from the Checkmarx site here.

Image credit: raneko/Flickr/CC by 2.0
