Experts have tested mobile applications for iOS and Android and found that most applications do not store data securely, and that a hacker rarely needs physical access to the victim’s smartphone to steal personal information.
According to the study, Android applications with critical vulnerabilities are found more often than iOS ones (43% vs 38%). However, the experts consider this difference insignificant, and the overall security level of client mobile applications is almost equal on both platforms.
The experts said that the most common vulnerability is insecure data storage, which is found in 76% of mobile applications: hackers can obtain passwords, financial information, personal data and private messages.
"Hackers rarely need physical access to the victim’s smartphone to steal data: 89% of detected vulnerabilities can be exploited with the use of malicious software," said Yana Avezova, information security analyst of Positive Technologies. "The probability of infection increases significantly on devices with administrative privileges (root or jailbreak). However, malicious software can enhance its rights itself. Once on the victim's device, the malware can request permissions to access user data and then transfer the data to attackers. We recommend that users be attentive to notifications from applications requesting access to any features or data. Don’t provide access permission if there is any doubt about its need for the normal functioning of the application."
According to the results of the study, the server side is no less vulnerable than the client: 43% have a low or extremely low level of protection, while 33% contain critical vulnerabilities. Among the most common high-risk flaws in server-side components are insufficient authorization and information leakage.