The importance of mobile apps to business success has tripled over the past two years, according to “The State of Mobile App Security in 2022,” a new report from Osterman Research issued by Approov, creators of advanced mobile app and API shielding solutions.
Three out of four respondents indicate mobile apps are now “essential” or “absolutely core” to their success, up from one out of four two years ago. The report identified multiple trends in the mobile app security space, including a lack of visibility into security practices and threats.
Michael Sampson, Senior Analyst, Osterman Research, said: “Mobile apps are key channels through which businesses serve their customers, and their importance to organisations has tripled in the last two years. Our research reveals that while enterprise app development and deployment are among an organisation's highest priorities, unfortunately, the runtime security of the app, its API secrets and the user data collected do not receive similarly high prioritisation and budget.
“These findings raise serious questions, given that so many recent breaches have highlighted the risk of stolen keys and secrets being exploited by threat actors.”
Mobile apps are increasingly important but are we aware of cyber risks?
Despite the growing importance of mobile apps, and a seemingly high level of awareness of the risks and business consequences, 78% of respondents are not highly confident that their organisations have the appropriate level of security defences in place to protect against specific threats posed by mobile apps.
60% of respondents lack visibility into credit fraud attempts; 59% lack visibility into the creation of fake accounts; 51% lack visibility into secrets exposed on mobile platforms; and 50% cannot detect access by cloned, fake or tampered apps.
On average, mobile apps depend on more than 30 third-party APIs, and half of the mobile developers surveyed are still storing API keys in the app code, constituting a massive attack surface for bad actors to exploit.
David Stewart, CEO of Approov, said: “This research reflects the overarching fact that although mobile apps are an increasingly critical conduit for both commerce and communications, investment in runtime protection of apps and APIs continues to take a back seat. Moreover, poor practices continue unabated, such as the storing of hard-coded keys in a mobile app or device, which exposes app secrets to increasingly clever threat actors.
“Given that mobile apps and APIs are increasingly the lifeblood of organisations, the practices and resource allocation towards runtime threats must be reconsidered – and quickly – before yet another wave of major mobile app breaches exposes both organisations and their customers to the damage and continual loss that inevitably result.”