Some 90 percent of iOS mobile applications have at least one security vulnerability, according to HP research quoted by ZDNet. The company’s enterprise security team, HP Fortify, tested 2,107 mobile apps from the Forbes Global 2000, published by more than 600 developers.
Most applications tested lacked binary hardening protections, which guard against problems such as buffer overflows and path disclosure and provide jailbreak detection.
Mike Armistead, HP Fortify vice president and general manager for Enterprise Security Products, told ZDNet that 71 percent of the vulnerabilities found were actually problems on the server end of the app, usually common vulnerabilities such as SQL injection and cross-site scripting bugs.
HP research also showed 3 in 4 apps didn’t encrypt personal data, including passwords, before storing it on the device. At the same time, 18 percent of the apps tested sent data over the network without SSL encryption. The same percentage used SSL incorrectly, which could allow anyone, including hackers, to snoop on private data by simply connecting to a Wi-Fi network.
Though it tested only iOS apps, HP said there are indications that the same problems exist on the Android platform too. Several Bitdefender studies have already shown that Android users are vulnerable to hacking and malware attacks. Recent research by the antivirus company revealed that 1.2 percent of the Google Play Store consists of thief-ware, as many apps are stolen from other developers and re-engineered for illicit gains.