Based on security testing of top 50 mobile apps in the shopping category in the US
SAN FRANCISCO, USA, May 22, 2018 /EINPresswire.com/ — Mobile security companies, Appknox and SEWORKS, published the results of a joint detailed security assessment of the top 50 Android mobile shopping apps in the United States. The report, “Security Status in m-commerce,” reveals that more than 84% of the shopping apps have three or more high-level security vulnerabilities.
Prateek Panda, Co-Founder and CMO of Appknox, said, “The idea is to generate awareness that many popular mobile apps built today are plagued by security issues and vulnerabilities. We chose the shopping category because this is one of the categories with the most downloaded apps that also involve numerous financial transactions on a daily basis. It’s important for businesses to become proactive and perform a security check before launching mobile apps. This report is an attempt to encourage a step in that direction.”
“Mobile shopping experience is becoming extremely convenient with options to store the consumer’s credit card and shipping address information. Oftentimes, shoppers simply need to click on the purchase button on an app to complete their shopping, without entering any additional information. However, do those apps have sufficient security measures? That’s the key question we wanted to ask and that is what our report helps answer,” said Sung Cho, VP of Growth and Strategy for AppSolid.
Here are some of the security vulnerabilities Appknox and SEWORKS uncovered:
A total of 274 vulnerabilities were detected among the top 50 Android mobile shopping apps, and all had security risks. The apps were tested across 34 different security testing categories.
94% of the apps failed an “Unprotected Exported Receivers” test. Android apps export receivers, which respond to external broadcast announcements and communicate with other apps. When receivers are not protected, hackers can modify the app’s behavior as they wish and insert data that doesn’t belong to the app.
70% of the apps were found to be affected by “Unprotected Exported Activities.” Activities are executed via authorized access. When an Activity is exported with no protection, it can be remotely launched from outside the app. This may allow hackers to access sensitive information, modify the internal structure of the application, or deceive a user into communicating with the compromised application while believing they are still interacting with the original application.
64% of the apps were affected by “App Extending WebView Client.” When WebView Clients are not correctly protected in app extensions, hackers can deceive users into entering sensitive personal information in fake or copied apps, resulting in loss of user data, damages, and SSL compromises.
The complete list of security vulnerabilities can be found in the Appknox and SEWORKS report, “Security Status in m-commerce.”
About Appknox: Appknox is a cloud-based mobile security solution that helps businesses and developers discover and resolve security vulnerabilities in a matter of minutes. Appknox is a product developed by XYSec Labs Pte. Ltd., a company headquartered in Singapore with offices in Bangalore and San Jose. Appknox is supported by JFDI Asia, Microsoft Accelerator, and Cisco Launchpad and was founded by Harshit Agarwal, Subho Halder, and Prateek Panda.
About SEWORKS: Founded by five-time DEF CON finalists, SEWORKS offers both offensive and defensive security solutions for mobile and web apps. Backed by Softbank Ventures, Qualcomm Ventures, Samsung Ventures, Smilegate Investment, and Wonik Partners, SEWORKS is headquartered in San Francisco with an R&D center in Seoul, Korea. SEWORKS’ AppSolid is a cloud-based mobile app security solution that provides advanced security within minutes. AppSolid offers a complete approach to mobile app security with its Protect and Track features.
Source: EIN Presswire