- Antonio Villas-Boas/Tech Insider
- A major chunk of the mobile apps we use have security weaknesses that can allow hackers to steal sensitive data, like passwords, financial information, personal data, and correspondence, according to a report from security researchers Positive Technologies.
- While Positive Technologies doesn’t highlight specific apps or types of apps, the weaknesses are common oversights during the design stage of an app.
- Both Android and iOS apps contain these weaknesses.
- App developers need to make “significant” changes in their apps’ code the report advises.
- Visit Business Insider’s homepage for more stories.
The majority of the apps we use on our mobile devices – including Android and iOS devices – have dangerous security weaknesses, according to a report by security researchers Positive Technologies spotted by ZDNet.
76% of the apps that were downloaded in 2018 have insecure data storage that can give hackers access to our passwords, financial information, personal data, and correspondence.
While the dangers are real, Positive Technologies classifies insecure data storage as “medium risk,” meaning it’s not as easily exploited as “high-risk” vulnerabilities.
38% of Android apps and 22% of iOS have vulnerabilities classified as “high-risk” – those that are easier for hackers to exploit to obtain sensitive data that can affect your finances and identity. These vulnerabilities include interprocess communication (IPC), a tool used by an app to communicate with other apps and operating systems.
Whether the risk is high, medium, or low, 89% of the security weaknesses in apps can be exploited remotely, meaning a hacker doesn’t need physical access to a device to install malware.
Positive Technologies didn’t specify which or what kind of apps have the vulnerabilities, which appear to be common oversights during an app’s design process. The research firm suggests that app developers would need to make “significant changes” to the code in their apps, and the report includes some recommendations.
The report didn’t mention whether these vulnerabilities have led to any data breaches so far.