09 Jun 2011

Few passing grades for app security

News on the internet security front has not been good lately, due to a rash of hacks at companies including Sony, Google and Citibank. The latest round of ViaForensics appWatchdog tests does not brighten the picture. After trying to access username, password, and sensitive application data, ViaForensics passed only three and failed eight of 30 apps tested.

In a blog post announcing the test results, ViaForensics singled out the Android versions of the Foursquare, LinkedIn and Netflix apps as being vulnerable due to unencrypted passwords. PCMag quoted representatives of all three companies, who said that the security problems would be resolved.

Some other Android apps that received failing grades include Groupon (insecure password storage) and Mint (insecure password and data storage).

Among iPhone apps, mobile payment app Square failed because testers were able to access data such as transaction amounts and picture files of user signatures.

ViaForensics assigned a “warning” to 19 tested apps that did not use adequate encryption in storing user data.

The ViaForensics blog post commends USA Today’s app, which passed in both iPhone and Android versions.

Ironically, the blog also praises Citibank, which “added its name to the list of Financial Apps receiving a Pass rating on every test.” Citibank acknowledged yesterday that its computer system had been hacked last month, exposing hundreds of thousands of credit card numbers to theft.