Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Watch out, your work mobile apps could be a huge security risk - here's what to look out for

Zimperium Android
Shutterstock.
  • Almost all enterprise mobile apps come with security risks, experts warn
  • Most frequent flaws include misconfigured cloud storage, hardcoded credentials, or outdated cryptography
  • Zimperium shares its advice on how to stay safe

If your business is using mobile apps, there is a good chance those apps are leaking sensitive information and putting your entire operation at risk of data breaches, loss of trust, regulatory fines, and a whole swathe of other headaches.

Cybersecurity researchers Zimperium analyzed more than 17,000 enterprise mobile apps, and revealed many carry vulnerabilities such as misconfigured cloud storage, hardcoded credentials, or outdated cryptography, and while these are not tied to a particular platform, there were significantly more iOS apps vulnerable (11,626 on iOS compared to 6037 on Android).

Breaking the numbers down, the researchers found 83 Android apps with misconfigured or otherwise unprotected cloud storage, and 10 Android apps with exposed AWS credentials.

Spoofing SharePoint

Almost all of the analyzed apps used weak or flawed cryptography, and five of the top 100 apps had high-severity cryptographic flaws. Others, also from the top 100, had storage directories exposed to the public.

“Our research found that 88% of all apps and 43% of the top 100 use one or more cryptographic methods that don't follow best practices,” the researchers said. “In some cases - high-severity cryptography flaws.”

To avoid these risks, Zimperium suggests that every company’s mobile device fleet manager gains visibility into app behavior patterns. That way, they’ll be able to identify misconfigured cloud storage settings, detect exposed credentials and API keys, and evaluate cloud service integration security.

Furthermore, they should validate encryption methods and key management, identify outdated or weak algorithms, assess security of integrated cloud SDKs, validate third-party cryptographic implementations, and monitor for known vulnerabilities.

“We cannot change the apps, but we can choose which apps we allow to ensure our data’s security,” they concluded.

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Wild chimpanzees filmed by scientists bonding over alcoholic fruit
Footage of apes consuming fermented breadfruit leads researchers to ask if it may shed light on origins of human feasting
The Guardian - UK
The Guardian - UK
Larry David roasts Maher-Trump dinner
The comedian wrote an essay about a fictional dinner with Adolf Hitler for the New York Times
Salon
Salon
“Call PETA”: Jennifer Garner Slammed For “Animal Cruelty” After Filming Video With Her Cat
“You're hurting your cat,” a social media user exclaimed after Jennifer Garner shared a clip with her ragdoll cat, Moose.
Bored Panda
Bored Panda
"Chris Cornell was the first rock star to consume the contents of my stomach." How Pearl Jam's Eddie Vedder and Soundgarden's Chris Cornell inspired the youth of America to drink vomit in the early '90s
Things got freaky on Lollapalooza 1992 thanks to The Jim Rose Circus Sideshow and their rock star friends
Louder
Louder
Massive “Thirst” Over Guy In Joe Biden’s Family Easter Pic As Internet Finds Out Who He Is
"He looks like he writes poetry."
Bored Panda
Bored Panda
Jared Leto Labeled “Hollywood’s Most Persistent Predator” After Woman Unleashes Bombshell Allegations
"Hollywood's most persistent predator"
Bored Panda
Bored Panda
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play