HP says app security hasn’t moved on, and developers need to pay attention

HPE logo

Hewlett Packard says developers need to pay special attention to the way apps store, communicate, and collect data that could be considered sensitive. The advice comes from its latest Mobile Application Security Report, where it shows little has changed in the past few years — private data collection in apps is still a problem.

The first security report came in 2013, and 97% of the 2,000 apps tested accessed at least one private data source. Now, after testing 36,000 apps from the iTunes App Store and Google Play, that percentage remains at 96%.

In the study, the following stats were published:

  • 94% of apps include logging tools
  • 70.6% can access external storage
  • 61.7% of tested apps used ad or analytics frameworks
  • 51.2% of apps accessed geolocation data
  • 16.3% accessed calendar data
  • 11.5% accessed contacts

HP’s security concerns match with user concerns over apps

HPE Security

The company matches these aspects with the top five worries regarding apps that it gathered from its Cyber Risk Report — with Insecure storage, privacy violation, and data leaks occupying the top three spots.

To solve these issues, HP suggests developers use static analytical tools, carefully analyze the logs generated by apps at all stages, closely examine third-party code and tools, plus review encryption and SSL practices. The complete report, and more in-depth advice, can be found here.