Almost all mobile apps vulnerable to malware

Image credit: Pixabay

After extensive testing of apps on both Android and iOS, new research from Positive Technologies has revealed that insecure data storage is the most common security flaw in all mobile apps.

The firm's new Vulnerabilities and Threats in Mobile Applications 2019 report found that while critical vulnerabilities are slightly more common in Android apps as opposed to in their iOS counterparts (43% vs 38%), this difference is minimal as the security level of mobile apps is roughly equivalent.

Positive Technologies' research found that insecure data storage is the most common vulnerability and this flaw is found in 76 percent of mobile apps. 

If exploited, this flaw could enable hackers to steal passwords, financial information, personal data and private messages.

Malware threat

Of the vulnerabilities discovered in mobile apps by Positive Technologies, 89 percent could be exploited by malware.

The risk of being infected with malware jumps on rooted and jailbroken devices though malware can also elevate privileges by itself. Once installed on a victim's device, malware can ask for permission to access user data and if permission is granted, the malware can then send that data back to the attackers.

Cyber security resilience lead at Positive Technologies, Leigh-Anne Galloway explained how smartphone users can protect themselves from insecure data storage and the growing malware threat, saying:

" In 2018, mobile apps were downloaded onto user devices over 205 billion times. Developers pay painstaking attention to software design in order to give us a smooth and convenient experience and people gladly install mobile apps and provide personal information. However, an alarming number of apps are critically insecure, and far less developer attention is spent on solving that issue. Stealing data from a smartphone usually doesn’t even require physical access to the device.

“We recommend that users take a close look when applications request access to phone functions or data. If you doubt that an application needs access to perform its job correctly, decline the request. Users can also protect themselves by being vigilant on not opening unknown links in SMS and chat apps, and not downloading apps from third party app stores. It's better to be safe than sorry."

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.