Mobile Application Risk

As security and risk professionals take steps to improve their organization’s cybersecurity posture, email, network, and web security often take center stage. This makes perfect sense, as these have been preferred attack vectors for decades. However, as internet use continues to move toward a mobile-centric experience, it has become critical to consider mobile applications when crafting your organization’s security strategy.


In this report, you’ll find eye-opening statistics on the state of mobile application security today, examples of how and why mobile breaches occur, and actionable advice for mitigating risks associated with your own mobile applications, as well as apps from third-party partners and suppliers.

You’ll also get BitSight’s latest research on mobile application security—including performance stats by application genre, sector, and popularity. Finally, you’ll learn how to reduce risk and demonstrate security performance to customers, prospects, and other critical stakeholders.

Since mobile applications store massive amounts of users’ personal information, breaches and data leakage can expose organizations to significant risk, as evidenced by news coverage throughout 2021. In March, a Formula 1 racing team was forced to call off an augmented reality campaign after its mobile app was hacked. In June, a healthcare provider was breached via unauthorized access to a third-party mobile app called Smart Clinic.

In August, British Airways disclosed that approximately 380,000 card payments were compromised after a security breach occurred on the company’s website and mobile app. The breach compromised the personal and financial details of customers—including name, address, and bank card details like CVC code.

In September, security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, were leaking user data due to Firebase misconfigurations. Exposed data potentially includes users’ names, emails, usernames, and other PII. Firebase is a mobile application development platform with an active monthly base of more than 2.5 million apps.

“Mobile applications already drive much of today’s digital activity and that will only increase in the future. 5G, increased work-from-home, and the ever-increasing availability of mobile devices have all but assured that cyber criminals will look for avenues into mobile applications to conduct attacks,” said Stephen Boyer, Founder and CTO of BitSight. “For these reasons, it is critical for organizations to understand risks associated with mobile applications created in-house and those published by third parties.”

3 out of 4 mobile applications evaluated contained at least one Moderate vulnerability.

Material and Severe vulnerabilities, including Arbitrary Code Execution, were observed in highly popular mobile apps.

Very few Material and Severe vulnerabilities were remediated once they were in production.

Android shopping apps, which transmit personal identifying information (PII), performed poorly in TLS Certificate Validation for Sensitive Data.

GPS Data Leakage was a problem across a variety of sectors and mobile app genres—including Aerospace and Defense.

2022 BitSight Mobile Application Risk Report

Get BitSight’s latest research on mobile application security, where you’ll find eye-opening statistics on the state of mobile application security today, examples of how and why mobile breaches occur, and actionable advice for mitigating risks associated with your own mobile applications, as well as apps from third-party partners and suppliers.
