eWEEK reports that a recent survey of 100 popular iPhone and Android mobile apps by ViaForensics found that three-quarters of them store sensitive user account information unencrypted on the mobile device. Offending apps include LinkedIn, Netflix, Skype, Gmail, Yahoo Mail and Groupon.
The survey examined financial, social networking, productivity and retail apps. Researchers discovered that the apps store transmit data such as security credentials, personal financial information, private communications and sensitive company data. Usernames were the most common piece of unprotected data with 76 percent of the 100 apps keeping usernames in plain text. Ten percent were storing the user’s password in plain text, says msnbc.com. The problem, says the report, according to InformationWeek:
Many systems require only username and password, so having the username means that 50 percent of the puzzle is solved. In addition, people often reuse their usernames so it will generally work on many online services.
redOrbit says social networking apps fared the worst, with 74 percent of sensitive data recovered. Forty-three percent of productivity apps failed, while 25 percent of mobile financial apps and 14 percent of retail apps failed.