Up to 10 percent of mobile apps expose user passwords and login names, 25 percent expose personally identifiable information, and 40 percent communicate data with third parties, according to security company Zscaler.
Having analysed “hundreds” of applications, the company found that “many popular apps” leave user names and passwords unencrypted, while others insecurely share personal information – including names, email addresses and phone numbers.
Michael Sutton, VP of security research at Zscaler, noted: “App stores have strict guidelines about which logos and colours developers can use, yet application security remains largely unenforced.”
The results were found using the company’s Zscaler Application Profiler, a free online tool which “makes it easy for user to assess mobile apps for security risks”.
Sutton said that “using ZAP, mobile app developers, users and corporate IT organisations can easily assess the security risks of apps before they are installed, and analyse installed apps for privacy violations”.
Comments