A comprehensive study by zLabs, the research team at Zimperium, has found that over 43% of the top 100 mobile applications used in business environments contain severe vulnerabilities that expose sensitive data to potential hackers.
This finding underscores the urgent need for enterprises to reassess their app vetting processes and enhance security measures to protect against data leaks and breaches.
Data breaches have seen an unprecedented rise in 2024, with over 1.7 billion individuals affected globally, marking a 312% increase from the previous year.
The financial implications are equally staggering, with losses estimated at $280 billion.
Much of this vulnerability can be attributed to the rise in mobile device usage within corporate networks, especially under Bring Your Own Device (BYOD) policies, which exacerbate the risks associated with mobile apps on both Android and iOS platforms.
The study analyzed 54,648 work-related apps, scrutinizing their integration with cloud services, which have become integral to mobile app functionality due to their scalability and convenience. However, this integration has a flip side.
Approximately 62% of all apps utilize cloud APIs or SDKs, yet this connectivity often exposes data through misconfigured cloud storage settings.
Over 100 Android apps were identified as using unprotected or poorly configured cloud storage, with some even ranking among the top 1000 in the Google Play Store.
This misconfiguration allows unauthorized global access to potentially sensitive information, leaving the data needlessly exposed.
In some instances, exposed credentials for services like AWS were found, opening pathways for data tampering or ransomware attacks without a traditional security breach.
The critical nature of these vulnerabilities was highlighted by a recent incident involving a major car manufacturer, where a misconfigured cloud environment led to a significant breach affecting hundreds of thousands of customers.
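As an added illustration of what an app-vetting check for these two findings can look like (this is not zLabs' or Zimperium's tooling), the sketch below unpacks an app archive and flags hard-coded AWS access key IDs and cloud storage hostnames for review. The function names, the storage hostname patterns and the sample archive are assumptions made for this example.

```python
import io
import re
import zipfile

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 upper-case alphanumerics.
AWS_KEY_ID = re.compile(rb"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Hostnames of cloud storage back ends whose access settings deserve a manual review.
STORAGE_REF = re.compile(
    rb"[a-z0-9.\-]{3,63}\.s3[.\-](?:[a-z0-9\-]+\.)?amazonaws\.com"
    rb"|[a-z0-9\-]+\.firebaseio\.com"
    rb"|[a-z0-9\-]+\.blob\.core\.windows\.net"
)
MAX_ENTRY_BYTES = 50 * 1024 * 1024  # skip oversized entries (zip-bomb guard)

def redact(value):
    """Keep only the first and last four characters so reports never carry a usable key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]

def scan_app_archive(archive_bytes):
    """Return sorted (entry, kind, value) findings for an APK or IPA (both are ZIP files)."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            data = archive.read(info)
            for m in AWS_KEY_ID.finditer(data):
                findings.add((info.filename, "aws_access_key_id", redact(m.group().decode())))
            for m in STORAGE_REF.finditer(data):
                findings.add((info.filename, "cloud_storage_ref", m.group().decode()))
    return sorted(findings)

def build_sample_archive():
    """Constructed sample, not a real app: one planted key ID and one bucket hostname."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # AKIAIOSFODNN7EXAMPLE is the placeholder key ID used in AWS documentation.
        z.writestr("assets/config.json",
                   '{"key":"AKIAIOSFODNN7EXAMPLE",'
                   '"upload":"https://example-app-uploads.s3.us-east-1.amazonaws.com/"}')
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16 + b"no secrets here")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_app_archive(build_sample_archive()):
        print(finding)
```

A hit is a lead for credential rotation or a storage configuration review, not proof of exposure, and strings stored as UTF-16 inside the archive are not matched by these byte patterns.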
Encryption, a fundamental pillar of data security, was also found lacking in many enterprise apps.
Despite its importance, 88% of all apps and 43% of the top 100 apps either employ weak cryptographic methods or fail to follow best practices:
The implications of these findings are profound:
To mitigate these risks, enterprises must:
As mobile devices continue to serve as gateways to sensitive corporate data, the imperative for robust security practices has never been clearer.
Enterprises must pivot towards proactive security measures to safeguard their digital assets against the escalating threats in today’s mobile-centric business landscape.