INDUSTRY FIRST: METAINTELLI RESEARCH DISCOVERS LARGE NUMBER OF MOBILE APPS AFFECTED BY OWASP MOBILE TOP 10 RISKS
MOBILE APPS WITH YOUR CREDIT CARD NUMBERS OR BANKING CREDENTIALS MAY BE VULNERABLE
MOUNTAIN VIEW, CA – January 6, 2015 — MetaIntelli™, the leader in enterprise Mobile App Risk Analysis Mobile Risk Management (MRM), announced today the results of its mobile app research based on the Open Web Application Security Project (OWASP) Mobile Top 10 Risks. The OWASP Mobile Top 10 Risks are an invaluable resource for developers as well as security teams in enterprise, government, healthcare, and education. As mobile security expert Lee Cocking states, “Mobile proliferation, and the newly minted ‘API Economy’, means mobile devices and mobile applications will be the way that customers, partners, distributers and channels access and interoperate with corporate and government data, but sadly the industry lacks a wide-reaching mobile application security standard. This leads to mobile being the new adversarial ingress point. MetaIntelli brings some much needed security by ensuring that organizations have a crystal clear understanding of the risk, threat and impact of deploying mobile applications.”
The OWASP Mobile Security Project collects data from vendors, consultants, or other industry experts within the application security community. The OWASP Mobile Security Project does not exist in a vacuum; it relies on contributions from industry thought leaders in the application security community to contribute data for the OWASP Mobile Top 10 Risks. The OWASP Mobile Security Project issued a Call to Action for 2015 to gather data and promote awareness. MetaIntelli responded by leveraging its deep expertise and mobile application risk analytics platform to conduct research on mobile apps, and submitted it to the OWASP Mobile Security Project.
MetaIntelli compiled data for consideration in the OWASP Mobile Top 10 for 2015 based on a deep and comprehensive risk analysis from MetaIntelli’s AppInterrogator™ platform over a sample set of 38,000 Android and iOS mobile applications. An industry first, the data is a summary of third-party mobile applications and how they tested against the OWASP Mobile Top 10 Risks. As shown in the table below, MetaIntelli completed analysis for all but two of the OWASP Mobile Top 10 Risks. MetaIntelli has data for M1 and M6, and it will be released soon. Note that the highest number of risky mobile applications is associated with OWASP Mobile Top 10 Risk “M3 – Insufficient Transport Layer Protection”; MetaIntelli found that 67 percent of the 38,000 mobile apps exhibited this risk.
OWASP Mobile Top 10 Risk | Android and iOS Mobile Apps with This Risk
M1 – Weak Server Side Controls | *
M2 – Insecure Data Storage | 3%
M3 – Insufficient Transport Layer Protection | 67%
M4 – Unintended Data Leakage | 7%
M5 – Poor Authorization and Authentication | 3%
M6 – Broken Cryptography | *
M7 – Client Side Injection | 25%
M8 – Security Decisions via Untrusted Inputs | <1%
M9 – Improper Session Handling | 9%
M10 – Lack of Binary Protections | 55%
* Available in an upcoming MetaIntelli blog
“Since its inception, MetaIntelli architected its approach to align with the OWASP Mobile Top 10 Risks,” stated Kevin Mullenex, MetaIntelli founder and CEO. “We are committed to contributing to the OWASP Mobile Security Project and raising awareness about mobile app risk because it ensures our customers have true situational awareness and the most comprehensive understanding of their mobile risk posture.” MetaIntelli casts a wide net, and helps its customers with additional privacy and security risks found via its patented AppInterrogator technology. For more information about MetaIntelli and its solutions, please visit our website at www.MetaIntelli.com, or send email to email@example.com.
MetaIntelli is the market and technology leader in contextual intelligence-led Mobile Risk App Analysis. The company’s cloud-based solution offers unmatched high-speed continuous identification and analysis of security and privacy risks for iOS and Android applications. It employs a patent-pending parallel multivariate risk analysis engine combining context, intent and predictive behavior attributes to quickly declare an app In or Out™. The combination of proactive and continuous risk detection provides enterprises with the most complete protection from threats posed by risky apps.