Insecure Mobile Apps a Big Problem

Many mobile apps are not properly scanned for security vulnerabilities before they become generally available, according to a new Ponemon Institute study sponsored by IBM.

As the world quickly moves to BYOD and mobile device use, 65 percent of the study’s respondents agreed that the security of mobile apps is sometimes put at risk because of customer demand or need. The “rush to release” mobile apps due to such pressures is a challenge for security professionals, the report noted.

Cross-site scripting (XSS) is one of the top mobile development risks highlighted by the report, which surveyed 640 individuals who are involved in their organization’s application development and security processes. Fifty-four percent of respondents said they expect insecure mobile apps will increase the incidence of XSS in the next 12 months.

Perhaps most surprising, 38 percent of respondents admitted that their organizations don’t scan for mobile app vulnerabilities. Not coincidentally, the study found that only 14 percent of organizations have a high degree of confidence in their ability to secure mobile apps.

Overall, a whopping 82 percent of respondents believe mobile apps have increased security risks for companies.

MobileFirst Protect

IBM is using the study data to validate the need for its new IBM MobileFirst Protect release. IBM MobileFirst Protect was formerly known as MaaS360 and is based on technology gained in IBM’s acquisition of mobile security specialist Fiberlink.

It is available to both new and existing IBM customers without having to perform any upgrades, Jim Szafranski, VP, Mobile Management, IBM Security, told eSecurity Planet.

A key part of the upgraded product is the inclusion of advanced mobile threat management (MTM) technology.

“It’s a security product which analyzes the apps on a device and checks them for malware,” Szafranski said. “It is similar to mobile device management (MDM), mobile content management (MCM) and mobile application management (MAM) being components of an enterprise mobile management (EMM) platform.”

MobileFirst Protect is available via software-as-a-service (SaaS) and on-premises. It is deployed on smartphones and tablets to manage corporate and employee-owned devices. Users get started with a simple enrollment and app installation.

One of the major risks that all mobile users face is infection from malicious sites. To that end, MobileFirst Protect also provides a secure Web browser, which lets users securely connect to corporate resources without a device-level VPN.

MobileFirst Protect also incorporates technologies from the IBM Trusteer Mobile SDK, which includes device security checks for issues such as jailbreak/root, SMS listeners and malware.

“In addition, it protects the user by blocking known malware and malicious websites using a scanning engine and reputation database,” Szafranski said.

Sean Michael Kerner is a senior editor at eSecurity Planet. Follow him on Twitter @TechJournalist.

Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
