appWatchdog FAQ

appWatchdog: Improving mobile app security for consumers

All Findings | Overview | Suggest an App

If you have additional questions, please contact us.

For Consumers

  1. What is the goal of appWatchdog?
  2. How do mobile applications pose a security risk to consumers?
  3. Why does app security matter?
  4. An app I use is insecure! What can I do?
  5. How do you decide which applications to test?
  6. How can I suggest an app for you to test?
  7. Why do you provide this service?

For app developers

  1. How do we reach you for additional details?
  2. Where can we respond to your findings?
  3. What is your disclosure policy?
  4. How often do you re-evaluate apps?
  5. Do you provide security testing services to app developers?

For Consumers

What is the goal of appWatchdog?

appWatchdog provides critical information about security risks posed by mobile applications to their users. By providing a free service that tests publicly available mobile applications for insecure transmission and storage of sensitive user data, we provide information that can help you protect your identity and financial data.
-Top-

How do mobile applications pose a security risk to consumers?

Every time you use your mobile device (iPhone, Blackberry, Android, iPad, etc.) to check your bank accounts, update your Facebook status, reload your Starbucks card, make a quick Amazon.com mobile purchase or engage in other online activities, there is a chance that your personal information is saved to the mobile device. We carry our mobile devices with us, which puts them and our personal information at greater risk of loss or theft.

Most developers want to provide secure applications, however the rapid development and release of mobile applications in response to consumer demand has resulted in less than rigorous security testing. appWatchdog provides a valuable service by arming you with the information they need to protect your identity and financial data.
-Top-

Why does app security matter?

If your smart phone does not store sensitive information, then even if it is lost, stolen or compromised, your information is still secure. However, like laptops and desktops, smart phones typically store enormous amounts of information, including sensitive data, and are vulnerable to attack. Because people often reuse their usernames or passwords across different accounts, an attacker can potentially access many of your sensitive online accounts simply by obtaining access to only one of them.
-Top-

An app I use is insecure! What can I do?

There are three important steps you can take to address the issue:

  1. Stop using the app (or uninstall it)
  2. If extremely sensitive data was saved on your device, you should factory reset the device to erase your data. Be sure you backup key files first (such as pictures) so you do not lose important information
  3. Let the app developer know you want them to protect your sensitive data. There are several easy ways you can do this:
    1. Recommend our appWatchdog page on Facebook (click Recommend below or on any page)
    2. Sign up for email updates or suggest other apps we should test
    3. Blog, Tweet, Digg, Recommend or otherwise share appWatchdog. This will have the greatest impact on the app developers, letting them know they must protect consumer’s sensitive data.

-Top-

How do you decide which applications to test?

Our primary focus is on popular apps which require a username and password and that may store sensitive data. We combine input from consumers and the popular apps on various smart phone platforms to create our appWatchdog test queue. App suggestions from consumers are given a higher priority.
-Top-

How can I suggest an app for you to test?

Visit our appWatchdog Suggestions page.
-Top-

Why do you provide this service?

We are mobile application users as well, and want to see companies take security seriously. After discovering this issue in the course of our forensic work, viaForensics decided that the public should know as well so users can make informed choices and protect their information.
-Top-

For app developers

How do we reach you for additional details?

Just call or email, details are on our contact us page.
-Top-

Where can we respond to your findings?

You can contact us and provide a response. We will place appropriate responses prominently in your appWatchdog results page.
-Top-

What is your disclosure policy?

We adhere to an ethical disclosure policy designed to protect consumers.

When we identify a security or data disclosure risk, we contact the app developer. At that point, we provide the vendor with a description of the vulnerabilities and can assist in the resolution. Three business days after notifying the vendor, we may publish our findings.

For appWatchdog, the overriding consideration in our disclosure policy is that generally a consumer can immediately eliminate the risk by not using the app (and in some cases resetting the phone). We believe consumers have the right to understand application flaws that put them at risk for identity and financial theft.
-Top-

How often do you re-evaluate apps?

Out goal is to re-evaluate applications within 30 days of an update, however this time frame is not guaranteed. We will focus follow-up testing on applications where risks were previously identified.
-Top-

Do you provide security testing services to app developers?

Yes, however appWatchdog and appSecure operate independently. You can contact us for more information.
-Top-