April 15th, the last day to file your taxes in the U.S. without an extension, has come and gone. If you’re like most you’ve used some sort of technology, be it a software program on your computer or an app on your phone, in some way to lessen the stress of this time of year.
As we wait for our returns, let’s contemplate that following: is my tax information safe on a mobile app?
Two separate companies, Appthority and HP, recently reviewed some of the most popular tax-aiding mobile apps for security threats. Here are some of their findings:
-
More than 90% of the apps that HP tested, including TurboTax, TaxACT and TaxSlayer, contained at least one potential privacy violation
-
50% of the apps use cryptographic methods that are known to have security weaknesses like md5 or SHA1.
-
Certain transmissions from one of these apps were done in an unencrypted fashion
-
In one app, Token IDs were stored in plain text on the device, with no obfuscation
Ouch.
Regarding the practices to secure mobile apps, Maria Bledsoe, Senior Manager of Product Marketing at HP said:
“A lot of companies are looking at mobile apps as a fancy user interface, and they’re putting their protection on the back-end behind their firewall. But they’re not realizing yet that this is yet another attack vector and is an entry point for the hackers.”
The purpose of this post isn’t to remove one stressor (“Taxes!”) just to replace it with another (“Ahh my information isn’t secure!”). Just because an app has vulnerabilities doesn’t mean that your information WILL get exposed. It simply means that it CAN.
The Call Continues:
The list of well-intentioned apps that have proven vulnerable to hacks continues to grow. And the call for improved infrastructure and practices that place a higher priority on securing mobile apps remains constant.
Sources:http://techcrunch.com/2014/04/15/hp-finds-mobile-tax-apps-lacking-on-security-privacy/
https://www.appthority.com/news/tax-time-android-threats
