We tested 5 apps, each having an iPhone and Android version: Dropbox, Facebook, Groupon, Kik Messenger and Mint.com.
All applications failed to securely store user name and application data. More troubling, 4 apps were storing passwords in plain text (not encrypted), specifically:
Why does this matter (from FAQ)?
If your smart phone does not store sensitive information, then even if it is lost, stolen or compromised, your information is still secure. However, like laptops and desktops, smart phones typically store enormous amounts of information, including sensitive data, and are vulnerable to attack. Because people often reuse their user names or passwords across different accounts, an attacker can potentially access many of your sensitive online accounts simply by obtaining access to only one of them.
An app I use is insecure! What can I do (from FAQ)?
There are three important steps you can take to address the issue:
- Stop using the app (or uninstall it)
- If extremely sensitive data was saved on your device, you should factory reset the device to erase your data. Be sure you back up key files first (such as pictures) so you do not lose important information.
- Let the app developer know you want them to protect your sensitive data. There are several easy ways you can do this:
  - Recommend our appWatchdog page on Facebook (click Like below or on any page)
  - Sign up for email updates or suggest other apps we should test
  - Blog, Tweet, Digg, Recommend or otherwise share appWatchdog. This will have the greatest impact on the app developers, letting them know they must protect consumers' sensitive data.