As bad as that is, it’s just the tip of the proverbial iceberg.
Here are some additional disturbing stats from their report:
- 44 percent of the apps with vulnerabilities place the user’s personal data at risk
- 70 percent are prone to leak critical information stored on the device
- 96 percent of them contain flaws that a malicious actor could exploit to launch an attack on the target device
- Of those, one in six (17 percent) has a flaw severe enough that it would allow an attacker to assume complete control over the app, and from there, the device itself
The majority of these flaws (some 65 percent) are the result of simple coding errors, with improper configuration of web servers being the most common of these.
There is one bright spot in the otherwise dismal report, though. The percentage of apps with critical vulnerabilities has declined slightly, down from 52 percent last year, and 59 percent the year before. So the numbers, while frustratingly large, are trending in the right direction.
Ed Keary, the CEO of Edgescan, had this to say on the topic:
“DevSecOps needs to be embraced such that security is throughout the development pipeline. Application component security management (software components used by developers) is still not commonplace in terms of supporting frameworks and software components and is a common source of vulnerability.”
If your firm designs such applications, pay special attention to this report and review your code base at the earliest opportunity. Even if you don’t, it pays to be mindful of the percentages, because odds are that your employees have several at-risk apps on the devices they’re connecting to your network.