Skip to main content

Security vulnerabilities found in three quarters of mobile apps

Image used with permission by copyright holder

Three quarters of Android and iOS apps have security vulnerabilities related to insecure data storage, according to a new report by enterprise security company Positive Technologies.

The report, first highlighted by ZDNet, lays out the security issues identified in many apps found on both the Google Play store and the iOS App Store. The insecure storage of data from apps could lead to information like passwords, financial details, personal data, and communications being accessible by hackers.

Recommended Videos

In addition to insecure data storage, which was the most commonly identified security issue, vulnerabilities classified as “high risk” were identified in 38% of iOS apps and 43% of Android apps. The report did not single out particular apps which were security threats, but rather identified trends throughout app design which could lead to security issues.

Please enable Javascript to view this content

A particular concern raised by the report is that apps do not only work on the client side (i.e. on the user’s phone). They also often transmit data to a server which is hosted by the developer. While modern phone operating systems have some security mechanisms in place to prevent inappropriate access to data, there are often no such protections in place for data stored on the developer’s server or moving between the phone and the server. This means that vulnerabilities are just as common on the server side as on the client side.

The report includes recommendations for developers on how to create apps with better security, but what about for users? Firstly, users should pay attention to what access apps request when they are first installed. Look at what permissions an app is asking for and consider whether it is reasonable for the app’s function. If it is not, don’t install the app. Also, the report advises against rooting or jailbreaking your device as this disables some of the operating system’s built-in security features.

Other recommended regular security practices include using a properly randomized password or pin (not your birthday) and being careful what links you click on. You should also update your OS and your apps regularly, avoid third-party app stores, and not plug your phone into unknown PCs or charging stations.

And finally, lest you think that one operating system is better than another in terms of app security, the report warns against this. Although there were slightly more vulnerabilities found in Android than iOS apps, the report states that “this difference is not significant, and the overall security level of mobile application clients for Android and iOS is roughly the same.”

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Google Home app to see major redesign
Google Home icon on home screen.

Google's Home app on iOS has been pretty stagnant over the past few years while the company has been adding features to the service and its products. Luckily, Google has committed to giving the app a pretty big overhaul in the upcoming weeks. This overhaul should change the primary grid you use to interact with your devices.

You are presented with a grid divided into different sections upon opening the current Google Home app. The top area has quick settings to manage your house or get into a specific smart home section. For example, there's a light section where you can see and control all your home's lights or a routines section to add or edit routines. The subsequent sections are your home's separate rooms and their devices.

Read more
The Winter Olympics gets a new video game … featuring NFTs
Olympic NFT game key art shows athletes participating in various sports.

Power Rangers: Battle for the Grid developer nWay and the International Olympic Committee have teamed up to announce Olympic Games Jam: Beijing 2022. This free-to-play mobile game launches today, but before you get too excited, know that this competitive multiplayer game is based around NFTs that give players an in-game advantage and have proven to be controversial recently.
Olympic Games Jam: Beijing 2022 features several sports minigames based on Olympic events like Snowboard Cross, Ski Cross, Skeleton, Slopestyle, and Slalom. Players can make customizable avatars and compete against other players in a series of randomized events, getting a gold medal if they are the last one standing. The developer even plans on constantly updating the game with new sports, events, and modes.
While it seems like the kind of harmless Olympics minigame collection we've seen before, it's actually a play-to-earn game meant to bolster nWay's Olympic NFT digital pins.

Before the game's release, nWay sold Olympic NFT digital pins on its nWayPlay marketplace. Players can earn and then sell these pins by playing Olympic Games Jam: Beijing 2022. In-game, these NFT digital pins will give players access to better rewards and even extend power-ups that make the player go faster, control better, and resist hazards.
Those who spend the most money on pins will theoretically do the best in the minigames. This all makes Olympic Games Jam: Beijing 2022 seem like a pay-to-win game, which would be antithetical to the friendly and respectful competition that the Olympic Games represent. It also shows how challenging it could be for game developers to incorporate NFTs without hurting the experience of those who don't want to use them.
Olympic Games Jam: Beijing 2022 launches today for iOS and Android. 

Read more
Apple’s iOS 15.3 update fixes critical Safari security bug
iPhone showing Home Screen with widgets resting on soft white cloth background.

Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress.

As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it.

Read more