Website security is a common concern today among many consumers and companies alike. Few, however, pause to give thought to the security of their mobile apps.
FireEye, a network security company, has released a new report, titled “Out of Pocket: A Comprehensive Mobile Threat Assessment of 7 Million iOS and Android Apps,” which, as the title alludes, details the security risks that threaten mobile apps.
To conduct the study, FireEye analyzed 7 million apps on both iOS and Android platforms that had more than 50,000 downloads. Researchers found that 31 percent of the apps studied were susceptible to a common vulnerability (JBOH attack). Of those susceptible to the JBOH attack, 18 percent were in categories that were fraught with potentially sensitive data including finance, shopping and health.
FireEye also found a new channel for iOS malware delivery that bypasses the Apple App Store review process which can either be conducted through USB connections or wirelessly and affects more than 1,400 publicly available iOS apps.
"Today, mobile apps represent a significant threat vector for enterprises," said Manish Gupta, senior vice president of products at FireEye. "Worse, most enterprises have little or no information on mobile security risks nor any way to deal with an advanced attack on a mobile device. Our findings highlight the threat apps pose and why enterprises must implement a mobile security policy that focuses on applications."