The list of brands and populars apps that have fallen victim to security vulnerabilities in their mobile apps continues to grow. In the past week, news has broken surrounding vulnerabilities in the mobile apps of Walgreens, Wal Mart, Fandango and Credit Karma.
Add these to the recent woes of brands like Starbucks, Delta, Tinder, and Kickstarter (to name just a few) and businesses are starting to see just how serious mobile app security is. It’s a song we’ve been singing for some time and are tirelessly working on a new type of security solution for mobile apps. But more about that later.
Let’s take a brief look into some of the specific areas of vulnerability that were revealed in this week’s findings:
This was surprising given Wal Mart’s reputation of being very IT-savvy. This case just goes to show that even the savviest of the savvy are facing concerns around how they secure sensitive information within their mobile apps. Despite various levels of app testing, it was found that the Wal Mart app stored unencrypted data surrounding user information, shopping history and geolocation details.
It was discovered that the Walgreens app, that has a feature which allows users to take photos of their medications to set pill reminders, stored the photos in an unencrypted fashion. If the pictures were of the pills themselves, this wouldn’t be so bad. But when many users are taking photos of their prescription labels, we’ve got a serious security issue.
Fandango and Credit Karma
These two apps actually faced charges from the FTC regarding security mishaps. Both apps failed to properly implement SSL encryption, exposing user information (names and credit card information, Social Security Numbers, and more) to “man-in-the-middle” attacks. Ouch.
With the ongoing announcements of mobile app security vulnerabilities, and the increased frequency in which they’re hitting, one has to wonder (but at the same time not want to ask), “Who’s next?”