In 2020, several mobile application security threats put customer data at risk and jeopardized revenue and brand reputation. Here are five mobile app security issues and privacy breaches that stood out in a year of rapid digital transformation.
NowSecure analyzed a mix of 75 Android and iOS holiday mobile apps for security and privacy risks. Overall, the results of our benchmark testing were disappointingly poor. Among the holiday apps we tested, 94% have security issues and 82% leak private data, which indicates users should proceed with caution.
Mobile apps have become a top target for attackers and a high-risk vector for users and businesses alike. In fact, Gartner has warned, “Through 2022, mobile application security failures will be the biggest mobile threat for enterprises.” In order for their digital transformation efforts to succeed, companies must offer an innovative mobile app user experience combined with proper security and privacy protections.
NowSecure recently added API Security Testing to its portfolio of automated mobile application security testing solutions. Based on the OWASP API Security Top 10, the new capabilities enable app development and security teams to dynamically discover API risks and vulnerabilities and address them quickly before software release. NowSecure API Security Testing taps the NowSecure advanced dynamic test engine to discover and generate a list of all mobile-connected APIs; warn of any mobile-connected APIs that may violate OWASP API Top 10 and recommend further action; and help users identify unapproved “shadow APIs” that put their businesses at risk.
NowSecure Mobile Security Researcher Dawn Isabel has been an avid contributor to bug bounties over the years and has earned many accolades. Before joining the expert research team at NowSecure, Isabel amassed well-rounded experience at IOActive, Hewlett Packard Enterprise, the University of Michigan and Ford Motor Company. We recently spoke with Isabel about testing the security of iOS and Apple Watch apps, the bug bounty community, and the tools she uses most.
Nobody wants to develop insecure mobile apps, but mistakes can happen when people move quickly to meet a release timeline. Familiarize yourself with the Open Web Application Security Project (OWASP) Mobile Top 10 common mobile application security issues and adopt secure coding best practices to boost quality. In addition, continuously test apps in the dev toolchain with SAST, DAST and IAST automated mobile application security testing.