Report: Enterprises lack visibility into mobile app security

As there becomes an increasing dependence of businesses upon their mobile apps, there seems to be a lack of visibility into the security, finds Approov

The importance of mobile apps to business success has tripled over the past two years, according to Approov, creators of advanced mobile app and API shielding solutions, which has issued, “The State of Mobile App Security in 2022,” a new report from Osterman Research.

Three out of four respondents indicate mobile apps are now “essential” or “absolutely core” to their success, up from one out of four two years ago. The report identified multiple trends in the mobile app security space, including a lack of visibility into security practices and threats.

Michael Sampson, Senior Analyst, Osterman Research, said: “Mobile apps are key channels through which businesses serve their customers, and their importance to organisations has tripled in the last two years. Our research reveals that while enterprise app development and deployment are among an organisation's highest priorities, unfortunately, the runtime security of the app, its API secrets and the user data collected do not receive similarly high prioritisation and budget. 

“These findings raise serious questions, given that so many recent breaches have highlighted the risk of stolen keys and secrets being exploited by threat actors.”

Mobile apps are increasingly important but are we aware of cyber risks?

Although there is an increasing importance of mobile apps, and despite a seemingly high level of risk awareness and business consequences, 78% of respondents are not highly confident that their organisations have the appropriate level of security defences and protections in place to protect against specific threats posed by mobile apps.

60% of respondents lack visibility into credit fraud attempts; 59% lack visibility into the creation of fake accounts, 51% lack visibility into secrets exposed on mobile platforms; and 50% cannot detect access by cloned, fake or tampered apps.

On average, mobile apps depend on more than 30 third-party APIs, and half of the mobile developers surveyed are still storing API keys in the app code, constituting a massive attack surface for bad actors to exploit.

David Stewart, CEO of Approov, said: “This research reflects the overarching fact that although mobile apps are an increasingly critical conduit for both commerce and communications, investment in runtime protection of apps and APIs continues to take a back seat. Moreover, poor practices continue unabated, such as the storing of hard-coded keys in a mobile app or device, which exposes app secrets to increasingly clever threat actors.

“Given that mobile apps and APIs are increasingly the lifeblood of organisations, the practices and resource allocation towards runtime threats must be reconsidered – and quickly – before yet another wave of major mobile app breaches exposes both organisations and their customers to the damage and continual loss that inevitably result.”


Featured Articles

79% say energy crisis will impact sustainability plans

A staggering 79% of IT decision-makers believe that the current energy crisis will have a knock-on effect on their net zero sustainability strategies

VMware and AWS extend their partnership to include Africa

VMware and AWS have announced that they will be extending their partnership, to include Africa in their growing portfolio of cloud connectivity services

SMEs represent a trillion-dollar opportunity for CSPs

According to a Beyond Now report, tech-savvy SMEs represent a trillion-dollar opportunity for CSPs that can deliver technology which meets their needs

WiFi connectivity critical in bridging rural digital divide

Wireless Networks

Transcelestial achieves commercial 5G breakthrough


World's first live 5G standalone roaming connection