Many top iPhone, Android apps face security woes

A new study from ViaForensics has found that there are a slew of popular applications that are currently "failing" at securing sensitive user data.

Don Reisinger
Former CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.

Some of the most popular applications available for the iPhone and Android handsets suffer from serious security issues, a recent study from security firm ViaForensics has found.

According to the security firm's appWatchdog study, a slew of companies, including Foursquare, LinkedIn, Netflix, and WordPress, earned a "fail" rating on storing sensitive data securely. Netflix's Android application, for example, failed to "securely store passwords," ViaForensics said. Surprisingly, the iPhone version of the Netflix app earned the highest "pass" rating for securely storing passwords.

Netflix is taking the findings seriously. In a statement to CNET, a company spokesman said that "Netflix members' privacy and personal-information security are a top priority for Netflix." The spokesman said that the streaming company will be "making a change on the app" to improve its security.

In a blog post discussing the results, the security firm said: "It is ViaForensics' goal that this resource help inform consumers about potential data security risks posed by mobile apps by arming them with objective information and that app developers will be motivated to work hard to take all appropriate measures to secure their apps."

For its part, Foursquare has already taken action to safeguard user data.

"If a user's Android device is stolen and the device is not password-protected, then a hacker with malicious intentions may be able to access that user's data," a Foursquare spokesperson told CNET in an e-mailed statement. "However, we haven't been notified of any such instances by our user base. Nevertheless, we pushed an update to all Android users on Tuesday, June 7, that will make even this type of access unavailable to hackers. We value the security of our users' personal information and are continually making enhancements to clear potential attack vectors that we become aware of."

Even so, ViaForensics' findings are certainly discouraging. The security firm found that LinkedIn failed to securely store application data on both iPhone and Android devices. The WordPress iPhone application failed in that evaluation as well. Even Google's Android Gmail application was cited as not storing application data securely. However, the iPhone's Google Gmail app scored at the top on securely storing passwords, usernames, and application data.

Not surprisingly, considering the personal nature of the information they store, banking applications scored highly in ViaForensics' testing. Bank of America, Citibank, Fidelity Investments, and Wells Fargo all earned top marks in the study. Most other top apps, however, suffered from at least one security issue.

ViaForensics' study is all the more concerning when one considers that mobile applications are becoming far more popular. Earlier this week, In-Stat reported that users will download 48 billion mobile applications to their smartphones in 2015. On Monday, Apple revealed that 14 billion apps had been downloaded from its App Store since 2008. Over 4.5 billion applications have been downloaded from the Android Market.

Update at 9:03 a.m. PT to include Netflix statement.