Because your phone is only as secure as the apps you use, you should be aware of the risks they may carry. appWatchdog is a free service by viaForensics created to provide you with an objective security analysis of popular mobile applications for the iPhone and Android.
The Process
To test an app, we install and use the app basically as any user would. We then examine the data on the device forensically to determine whether any sensitive data has been left on the device unencrypted.
Sensitive data stored on mobile devices poses a risk to consumers, because devices are frequently lost or transferred, and because malware could potentially grab the data. Some risks – such as stored passwords or credit card numbers – are clearly greater than others.
Note: for certain apps we have done an additional level of testing that includes data-in-transit (network analysis) and if so the results are noted in the findings for the app under “additional security tests.”
The Findings
After testing, we publish our findings on the appWatchdog site.
The findings are rated as PASS (green), WARN (yellow) or FAIL (red) for categories such as credit card, password, username, and other application data. A FAIL indicates highly sensitive data was found such as a password or credit card number. A WARN indicates that application-specific data is found. In a given round of testing, an app is given an overall PASS, WARN or FAIL based on the highest level of risk found.
The summary of all findings can be browsed or searched on the main appWatchdog page. Visitors are strongly encouraged to read the detailed results for the app by clicking the VIEW link from the summary page. The details show what category of information was found, and the user can confirm whether the version tested matches their version.
The Goal
In our regular forensic work, we find too many mobile apps handling sensitive data insecurely. It is viaForensics’ goal that appWatchdog inform consumers about potential data security risks posed by mobile apps by arming them with objective information. We further hope that app developers will be motivated to take all appropriate measures to secure their apps.
