Most Mobile Apps Will Fail Security Test Next Year

Analyst firm Gartner has issued a report predicting that, by next year, 75 percent of mobile apps will flunk even the most rudimentary of security requirements.

That “majority of mobile applications — whether in the Android, iOS or Windows Phone ecosystems — will not have basic business-acceptable security protocols in place. This poses a serious problem for the enterprise, where bring-your-own-device (BYOD) schemes are commonplace,” said a story about Gartner’s finding at ZDNet. “Should employees download apps which can access enterprise assets or perform business functions, but have no basic standards of security in place, not only are enterprise security policies at risk of violation but sensitive corporate data and networks may also become vulnerable.”

Gartner was quoted as saying that existing static application security testing (SAST) and dynamic application security testing (DAST) vendors will “need to modify and adjust their tests to address mobile technologies. Both SAST and DAST have been used for the past decade, but mobile applications — due to their variety and reliance on continually evolving mobile operating systems — are a fresh challenge,” the story said. “Gartner believes that in addition to SAST and DAST, new kinds of test based on behavioral analysis are emerging for mobile devices. These tests monitor the GUI and running background applications in order to detect malicious or risky behaviour. For example, a music player which also accesses contact lists or geolocation could be suspicious.”