Sensitive User Data Stored on Android and iPhone Devices, July 2011
Data (in)security is rapidly gaining consumer attention in major media. In 2011, major breaches at Sony, Epsilon and others have highlighted the risk consumers face from their data being compromised. Major corporations are now recognizing the urgency of implementing strong and innovative security measures to protect their customers’ data.
At the same time, both Apple and Google have seen stunning growth in the past few years and now dominate the smartphone market. Companies and app developers have leveraged these platforms to provide new mobile services, often bringing them to market very quickly. But what steps have the smartphone OS providers and app developers taken to secure the data on their customers’ smartphones?
At viaForensics we believe in proactive forensics – applying the power of forensic methods proactively to improve digital security. With appWatchdog we utilize forensic techniques to investigate consumer mobile apps and understand what user data is stored and could be at risk.
This white paper summarizes our findings for the first 100 tests, from November 2010 through June 2011. The full detailed findings of appWatchdog can be found on our Web site at http://viaforensics.com/appwatchdog.
What’s at Risk?
Smartphones today handle a great quantity of private and sensitive data, in a highly portable, network-connected mobile computer. The data stored and transmitted can include security credentials, personal financial information, private communications, sensitive company data and more.
The appWatchdog tests focus on what is stored on the device. Smartphone apps handle usernames, passwords and private app data, all of which should be stored securely or not at all. In the event of a lost device or malware infection, data stored insecurely can be compromised.
Other aspects of mobile app security, including secure communications, coding practices and resistance to malicious attacks, are also very important. The full scope of viaForensics’ appSecure mobile audits and certification includes comprehensive testing beyond the scope of the appWatchdog study.

Consumer Risk
Google and Apple
Testing Process and Ratings
Findings: Financial Apps
Findings: Social Networking Apps
Findings: Productivity Apps
Findings: Retail Apps
Findings: Overall
Conclusions

