Mobile Applications: A Cesspool Of Security Issues
Dark Reading, Friday, April 25th, 2025
An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?
An analysis of more than half a million mobile applications found that nearly one in five had hardcoded encryption keys, nearly one in six used software components with known vulnerabilities, and nearly two-thirds used broken or weak encryption.
Overall, the vast majority of mobile applications had a significant security weakness, despite user tendencies to trust the apps on their phones, says Andrew Hoog, co-founder and board member at NowSecure, a mobile-device penetration testing firm. In a presentation next week at the RSA Conference, he will discuss the findings of the company's analysis of hundreds of thousands of applications.