Study reveals the state of mobile application security

The Synopsys Cybersecurity Research Center (CyRC) analyzed more than 3,000 popular Android applications to assess the state of mobile app security during the COVID-19 pandemic. By @securitymagazine.com.

The research focused on three core areas of mobile app security:

  • Vulnerabilities: The presence of known software vulnerabilities in the applications’ open source components
  • Information leakage: Sensitive data such as private keys, tokens, and passwords exposed in the application code
  • Mobile device permissions: Applications requiring excessive access to mobile device data and features

The analysis reveals that the majority of apps contain open source components with known security vulnerabilities. It also highlights other pervasive security concerns, including a large amount of potentially sensitive data exposed in the application code and the use of excessive mobile device permissions.

Some of the interesting findings:

  • App composition – open source is eating the app store! 3,267 (98%) of the apps contained open source software (OSS) components, with an average of 20 OSS components per app
  • The vulnerable apps contained an average of 39 distinct vulnerabilities
  • 94% of the vulnerabilities detected have publicly documented fixes
  • 73% of the known security vulnerabilities are more than two years old

For consumers, this report highlights the jarring reality that even the most popular mobile apps are not immune to security and privacy weaknesses and should not be trusted implicitly. For app developers, this underscores the urgent need for secure software development practices and better overall privacy and security hygiene. Great read!
