A new report from Ponemon on mobile app security points to the rush to release as the reason for risks in mobile app security and IoT security, leaving no time to do mobile app security testing.
The problem is compounded by the need to push new updates to users without the time to do mobile app security testing, and now this problem is affecting IoT apps as well.
The research polled 593 IT and IT security leaders who understand their companies’ mobile app security testing process during release and development.
IoT app security is taking centre stage over mobile app security, with 84 percent reporting that IoT apps are more difficult to secure, against 69 percent concerned about the process of mobile app security testing to ensure mobile apps are secure when released.
55 percent claimed that there were minimal quality assurance and testing procedures for IoT apps.
IoT apps present numerous problems due to the need to secure client-side apps, device firmware, and the hardware itself. The skillset for doing so requires multiple personnel, whereas mobile app security testing is often the role of one person.
69 percent of respondents view the rush to release as the reason for low mobile app security, with 75 percent claiming this is also a problem for IoT apps. 65 percent claimed that accidental coding errors also contribute to mobile app security and IoT problems, a problem that mobile app security testing that checks for best practice would solve.
The report also makes clear that testing for mobile and IoT apps is done with no structure or predictable frequency, often taking place just before moving to production. When it comes to remediation, the most difficult issues to remediate are broken cryptography and unintended data leakage. Overall, the rush to release is causing developers to neglect these problems until the last minute, often leaving them unfixed.
Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing try out Codified Security.