Security vulnerabilities found in three quarters of mobile apps

android vs ios v app store

Three quarters of Android and iOS apps have security vulnerabilities related to insecure data storage, according to a new report by enterprise security company Positive Technologies.

The report, first highlighted by ZDNet, lays out the security issues identified in many apps found on both the Google Play store and the iOS App Store. The insecure storage of data from apps could lead to information like passwords, financial details, personal data, and communications being accessible by hackers.

In addition to insecure data storage, which was the most commonly identified security issue, vulnerabilities classified as “high risk” were identified in 38% of iOS apps and 43% of Android apps. The report did not single out particular apps which were security threats, but rather identified trends throughout app design which could lead to security issues.

A particular concern raised by the report is that apps do not only work on the client side (i.e. on the user’s phone). They also often transmit data to a server which is hosted by the developer. While modern phone operating systems have some security mechanisms in place to prevent inappropriate access to data, there are often no such protections in place for data stored on the developer’s server or moving between the phone and the server. This means that vulnerabilities are just as common on the server side as on the client side.

The report includes recommendations for developers on how to create apps with better security, but what about for users? Firstly, users should pay attention to what access apps request when they are first installed. Look at what permissions an app is asking for and consider whether it is reasonable for the app’s function. If it is not, don’t install the app. Also, the report advises against rooting or jailbreaking your device as this disables some of the operating system’s built-in security features.

Other recommended regular security practices include using a properly randomized password or pin (not your birthday) and being careful what links you click on. You should also update your OS and your apps regularly, avoid third-party app stores, and not plug your phone into unknown PCs or charging stations.

And finally, lest you think that one operating system is better than another in terms of app security, the report warns against this. Although there were slightly more vulnerabilities found in Android than iOS apps, the report states that “this difference is not significant, and the overall security level of mobile application clients for Android and iOS is roughly the same.”

Smart Home

Eight Sleep's Pod bed cools, heats, and tracks sleep data for couples

The Pod bed by Eight Sleep measures data to determine a sleep fitness score. It also creates the ideal temperature environment to help you get better sleep. How does the Pod bed measure up?

These 6 popular browser extensions are selling your data

Some popular browser extensions are collecting and selling your data, according to a a new investigation. The extensions in question are Hover Zoom, SpeakIt!, SuperZoom, SaveFrom.net Helper, FairShare Unlock and PanelMeasurement.

Slack is resetting user passwords in response to a 2015 data breach

In response to recently discovered information regarding a 2015 data breach, collaboration software company Slack will be resetting the passwords of some of its user accounts beginning July 18.

Worried about how FaceApp is using your photos? Here’s how to delete your data

Are you concerned about your privacy with FaceApp? If so, you might want to delete your data from the app. The app has come under fire for its terms of service and privacy policies that it can use your face photos in any way it wants to. 

Need to block ads and trackers? Browse our list of the best browsers for privacy

Whether your privacy concerns are focused on controlling cookies or blocking ads and malware, you're sure to find the best browser for your security needs among our picks for the best browsers for privacy.

A new phishing scam targets Amazon users just in time for Prime Day

Security researchers at McAfee say that hackers have released a do-it-yourself kit that allows people to easily put together phishing scams targeting Amazon users -- just in time for Prime Day.

Is the Apple Card any better than a regular credit card? We asked an expert

The new Apple Card is integrated with your iPhone and comes with a titanium backup card for places that don’t accept Apple Pay, but how does it stack up against the competition? We asked some experts to find out.
Emerging Tech

Stay up to date on Tropical Storm Barry's path with these apps and websites

Looking to track Tropical Storm Barry as it makes landfall and heads into the southeastern U.S.? We've assembled a list of the best hurricane tracking apps and websites to stay ahead of the storm, and out of harm's way.
Movies & TV

Tired of Netflix? Here's where to find free movies online, legally

We've spent countless hours digging around the web to find the best sites for streaming free movies online. Not only are all of these sites completely free to use, they're also completely legal and trustworthy.
Social Media

Twitter’s mobile-inspired dark mode desktop makeover isn’t just about looks

Twitter.com may have a new look, but it's one that already feels familiar. The new design for Twitter's desktop version borrows heavily from the platform's mobile apps, with a sleeker look, a new dark mode, and easier navigation.

Dirty deeds are uncovered dirt cheap with these online background check resources

There are plenty of reasons for carrying out a background check, and not all of them are creepy. Here are several methods to run a background check on someone online, whether you need to vet a potential hire or a new babysitter.

Carbuying can be tiring: Here are the best used car websites to make it easier

Shopping for a used car isn't easy, especially when the salesman is looking to make a quick sale. Thankfully, there are plenty of sites aimed at the prospective buyer, whether you're looking for a sedan or a newfangled hybrid.

Expedia warns travelers of customer service refund scam

Scammers are posing as employees of Expedia to take money from unknowing consumers. Expedia Group and the Better Business Bureau teamed up to warn consumers of these scams that have been reported within the last several days.

Today’s Google Doodle celebrates the 50th anniversary of the moon landing

In celebration of the 50th anniversary of Apollo 11’s lunar landing, Google has created an interactive Google Doodle that takes users to the moon. The Google Doodle, made in partnership with NASA, features a short illustrated video…