Hewlett Packard today said it had found serious vulnerabilities in the majority of business-focused iOS mobile apps it recently conducted a series of security tests on.
The vulnerabilities pose a danger to businesses because mobile apps are commonly used to extend corporate Web sites, according to Mike Armistead, vice-president of HP.
HP tested more than 2,000 iOS apps developed for commercial use by some 600 companies in 50 countries and found that at least nine out of 10 had vulnerabilities. The tests covered apps from 22 iTunes App Store categories being used for business-to-consumer or business-to-business purposes.
HP found that 97 per cent of the apps inappropriately accessed private information sources within a host device while 86 per cent of the apps were vulnerable to attacks like SQL injection. Majority of the apps lacked protection against common exploits such as cross-site scripting, insecure data transmission and misuse of encrypted data.
Many of the apps did not implement SSL/HTTPS properly.
HP said that one of the main reasons for the weaknesses is the pressure to develop mobile apps for business purposes rapidly.