Report Highlights Significant Security Holes in Mobile Apps from Popular Hotel Chains
Troy, MI – RIIS, LLC, an IT services firm specializing in mobile application development and professional services, today announced they’ve published a new Android App Security Index that ranks hotel mobile applications according to their adherence to mobile security policies.
Of the 5 apps, only 1 showed that the developers had taken all of the steps to properly protect themselves and their customers. While Insecure Data Storage was a recurring violation in the study, the other 4 apps all proved to be lacking protection against one or more of these top 10 mobile app security risks:
1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure
“Developers need to follow best practices in creating secure mobile apps,” said RIIS president and founder, Godfrey Nolan. “With little effort, we gained access to either credit card numbers or user credentials as well as the proprietary source code in most of these apps.”
The Index, complete with the names of the apps studied and their issuing companies, is available for download here.
Along with the Index, visitors will find:
- Top 10 well-known and documented mobile app security risks.
- An overview of mobile app security that helps non-technical owners understand risks.
- Solutions for mobile app security including utilities to secure files, flag security risks and audit code.
Nolan added, “Non-technical owners and executives should learn these risks as well. A security leak in a mobile app isn’t just a technical support issue. It’s what lands corporations on the front page of the news for breaches in security and has them battling to regain consumer confidence.”
RIIS is an IT consulting firm based in Troy, MI. Our primary service includes accelerated application development through visualization and automated tools for the web and mobile technologies. We help companies get the applications they need, faster! Industry experience includes software, eCommerce, advertising, defense, insurance, banking/finance, and telecommunications.