A new study reveals that applications on iOS contains on average more vulnerable than those of Android, raising the question for the future spreading of malware through app.
Applications developed on iOS devices contain on average more vulnerable than those for Android. It has established a new joint report by AppSec Labs and Checkmark, who pointed out that in the future there will be more and more attackers who choose their mobile applications as a vector of their attacks. The mobile app contains on average 9 vulnerability, and are generally more severe on the Apple platform.
The iOS fact 40% of the vulnerabilities on applications analyzed are marked as critical, or high-level, while the percentage of Android is slightly lower, 36%. To achieve these results, the researchers took as a reference hundreds of applications of all types, such as utilities, sales applications, games, but also applications for managing bank accounts. It also seems that the latter contain severe vulnerabilities.
Usually, it is expected that financial applications are safer, but we found that they are more or less equal to the other, he said during the release of the report Amit Ashbel, product marketing manager Checkmarx. The most common vulnerabilities found by the two signatures, which occupies 27% of the cases found, allows the loss of sensitive data. 23% of cases are related to problems of authentication and authorization, and follow with 16% problems of managing settings.
They had a lower abutment other problems still very common, such as the weaknesses encryption algorithms used for the protection of integrated data. According Ashbel the presence of the worst vulnerabilities on iOS is given the cliché that the Apple operating system is more secure than Android. iOS has permission checks more restrictive and developers are not granted large freedom. In addition, third-party applications run on very limited sandbox.
Apple finally can release security updates without relying on third party representatives. All these features allow developers to relax more in coding for iOS applications, mistakenly putting into the background the speech security. This may not be a problem today, Ashbel second, but could represent a tomorrow when the attackers will start using mobile applications as a vector of their attacks.
” We can compare the mobile world to the PC 15 years ago, ” said ” The types of attacks that were launched on the desktop 15 years ago were similar to those launched on iOS and Android today. They were based malware and viruses because they were the channel easier. ” Today, most of the attacks on the PC and desktop is through vulnerabilities in the applications and the change ” is possible on the mobile. ”
We will soon see that the attacks will be carried out on the applications, ” he concluded. ” And when will find that iOS will be exposed as much as it will be Android, and maybe even more.