Skip to main content
  1. Home
  2. Mobile

ViaForensics: 10 pct of iOS, Android apps store clear text passwords

By

ViaForensis app data (Aug 2011)
Image used with permission by copyright holder

Almost everyone with a smartphone knows there’s some risk to carrying around apps that handle passwords, email, photos, personal info, and access to financial information on a device that you can easily leave unattended on a desk or sitting on a counter in a coffee shop. But just how many apps put users at risk? According to Chicago-based digital forensics company ViaForensics, a lot: their new Mobile App Security study finds that a full 10 percent of Android and iOS apps tested store passwords as clear text, completely unprotected if anyone should get ahold of a device. Furthermore, some 76 percent of apps tested store usernames in plain text—and while usernames might not seem terribly important to secure, sometimes they’re just the info a criminal or stalker needs to get to more-important info.

Recommended Videos

“Based on the results of this study, there is a serious potential threat for identity or financial theft if a lost smartphone should fall into the wrong hands,” ViaForensics wrote. “For instance, if a cybercriminal is able to steal one password, coupled with all of the usernames recovered, would pose a serious threat for someone who uses the same password on many accounts.”

Related

ViaForensics rated apps on a three-stage Pass-Warn-Fail system. A “Pass” rating meant that the company couldn’t find sensitive data it was looking for, or if the data was successfully encrypted. ViaForensics gate an app a “Warn” rating if they were able to uncover data but didn’t believe the exposed information put the user at significant risk, while a “Fail” rating meant ViaForensics was able to pull information like passwords and accounts numbers.

Of the 100 apps tested, 39 received a failing grade. Some 44 apps rated a warning, and only 17 got a “pass” rating.

Broken down by category, some 32 financial applications faired relatively well, with 14 passing and 10 receiving a warning: that means eight failed, including Mint for iPhone and Android, along with Wikiinvest and Square for the iPhone. Social networking apps, however, failed miserably, with none receiving a passing mark and a stunning 14 out of 19 failing. Retail apps also faired badly: of 14 apps tested, none passed, 12 for a warning, and 2 failed.

Overall, ViaForensics noted Apple made significant headway with iOS security with iOS 4.0, but notes that iOS users can’t afford to sit back and ignore potential risks from apps.

ViaForensics’ ratings for individual apps are available via their appWatchdog site.

Editors’ Recommendations

Topics
Geoff Duncan
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
WWDC 2025 date confirmed as we wait for iOS 19, macOS 16, watchOS 12 and more
Apple WWDC 2025 logo

Apple has confirmed the date for its annual World Wide Developers Conference (WWDC 2025), where executives from the Cupertino, California-based firm will reveal the next generation of its various software platforms.

WWDC 2025 will take place between June 9 and June 13, with the keynote presentation (which Apple is teasing as a "special event") set to happen on the first day of the conference. Apple has also confirmed that this year's WWDC event will be entirely online and all developers can join for free.

Read more
iOS 19: everything you need to know
iOS 19 sample logo.

Apple is expected to announce its next Worldwide Developers Conference (WWDC) in a few weeks. This event, likely scheduled for sometime in June, will showcase the next software version for iPhone, iOS 19. This update could prove significant if the current rumors are true. Here’s what we know — or at least think we know about iOS 19.
When will iOS 19 be revealed?
Apple has announced that this year's WWDC will be held the week of June 9. That means the keynote address will occur Monday, June 9, starting at 10 a.m. PDT.

Besides iOS 19, the company should introduce iPadOS 19, watchOS 12, and more.
What the rumors say
According to Bloomberg reports, iOS 19 will bring "one of the most dramatic software overhauls" in Apple's history, described as "the biggest revamp since iOS 7" in 2013. The update will "fundamentally change" the operating system's look with a redesigned interface that will update "the style of icons, menus, apps, windows, and system buttons."

Read more
EU iPhone users are getting another exclusive perk with iOS 18.4
Installing iOS 18.3 update on an iPhone 16 Pro.

The iOS 18.4 update is in beta right now, and it introduces a new option for users in the EU to set a default navigation app. This means no more pesky links opening in Apple Maps when you only use Google Maps -- but it won't be available for people in the U.S.

The EU's Digital Markets Act is forcing Apple to make various changes to its services, but unfortunately not all of these perks make it over to the U.S. Apple has made it clear that it doesn't agree with a lot of the rules the EU is setting, so a lot of the time, it only makes the changes when and where it absolutely has to.

Read more