Media and entertainment companies have riskier mobile apps
As the world increasingly turns to mobile devices to access the internet and conduct business, firms are eager to put out their own apps.
But new research from security ratings company BitSight reveals that many companies may be rushing out apps that have vulnerabilities which could lead to data leakage, privilege abuse, unencrypted personally identifiable information (PII), and credential theft.
BitSight examined representative samples of more than 1,000 companies in five industry sectors that offer mobile applications on iOS and Android. It found over half of the companies studied in the media and entertainment industry offer risky mobile applications.
A quarter of finance companies have risky mobile applications, which may pose greater risk of bank accounts being accessed without proper authorization or the exposure of payment information. In the education sector, with many universities offering numerous applications, vulnerabilities could present a considerable risk to the data of students and prospective students, as well as faculty.
Mobile applications were tested for known security vulnerabilities and issues documented in the Common Vulnerability Scoring System (CVSS). Over 10 percent of media/entertainment and education apps that failed high-severity tests have unencrypted location data, meaning attackers may be able to glean location and GPS data on end users.
The finance sector has the highest rate of broken SSL configurations (invalid TLS/SSL certificates), and over 34 percent of applications that failed high-severity tests in the finance industry could be vulnerable to man-in-the-middle and other attacks that can compromise data. Over 32 percent of business services and education mobile applications that failed high-severity tests are not encrypting end-user data.
You can find out more about the results on the BitSight blog.