Hooray, You’re Not the Only Bundle of Insecurities This Valentine’s Day
Troy, MI (PRWEB) February 13, 2014 -- RIIS, LLC, an IT services firm specializing in mobile application development and professional services, announced they've published a special Valentine’s Day edition of their Android App Security Index. The report ranks mobile dating apps according to their adherence to mobile security policies.
“Remember that awkward talk you had with your father some time ago? Well - we’re trying to expose the dangers of not wrapping up your code,” commented RIIS’s president Godfrey Nolan.
Mobile phone users relying on dating apps to find their Valentine may be surprised to hear what is sprawled out on their phones, ready and willing, just waiting for a hacker’s skillful touch.
When RIIS stripped 5 dating apps down to their skin and bone, only one app passed the 10-point security test.
The other 4 dating apps showed that they are not the type you bring home to meet your mother.
“I caught a few things with just a slight penetration into the app,” exclaimed David Armstrong, RIIS engineer.
“He was afraid to go too deep,” RIIS engineer Amanda Taylor chimed in.
The most offensive quirks and unsettling fetishes uncovered were:
- The tendency to save the phone owner's username and password, unencrypted, where anyone with access to your phone could find it.
- The fact that an easy-to-read and even easier-to-find diary of the user's app activity, including profiles, preferences and even interactions with other users, was also stored right on the phone.
- The apps left themselves open for back-door penetration. RIIS engineers were able to navigate their way from the mobile app right into databases that held private details about thousands of users and their dates.
Scoring was based on how well the app developers mitigated these 10 standard mobile app security risks:
1. Insecure Data Storage
2. Weak Server Side Controls
3. Insufficient Transport Layer Protection
4. Client Side Injection
5. Poor Authorization and Authentication
6. Improper Session Handling
7. Security Decisions Via Untrusted Inputs
8. Side Channel Data Leakage
9. Broken Cryptography
10. Sensitive Information Disclosure
The Dating App Security Index, complete with the names of the apps studied and their issuing companies, is available for download at http://www.decompilingandroid.com/android-dating-app-security-index/.
###
About RIIS
RIIS is an IT consulting firm based in Troy, MI. Our primary service includes accelerated application development through visualization and automated tools for the web and mobile technologies. We help companies get the applications they need, faster! Industry experience includes software, eCommerce, advertising, defense, insurance, banking/finance, and telecommunications.
Contact:
(248) 351-1200
http://www.riis.com
Godfrey Nolan, RIIS, LLC, http://riis.com, +1 248-351-1200