Guardsquare, the mobile application security platform, announced the release of the “Global 2020 Report: Mobile Apps Aren’t Secure Enough, Despite Dev Teams’ Priorities,” a result of a collaboration between Guardsquare and Vanson Bourne, an independent market research firm. The report found that organizations rank security as the most impactful element of mobile app development — even ahead of app performance. However, organizations’ reported investments in app security do not align with this prioritization.
“This survey revealed a gap between best practices and reality when it comes to mobile app security. When in-house teams are stretched too thin, or working outside of their expertise, security is often compromised,” said Grant Goodes, Chief Scientist, Guardsquare. “The good news is that organizations seem to be aware that their security procedures are lacking. The bad news is that many app development teams end up relying on operating system security protections, despite knowing that this is just not adequate.”
Beyond the financial, intellectual property and regulatory risks, mobile apps are seeing increased popularity as a vehicle to connect with a brand. Mobile apps are often a user or customer’s primary experience with a brand, which puts direct revenue, as well as brand reputation and user trust on the line when security issues come to light.
Teams say security is their top priority, although their actions do not support this mindset.
- 95% of survey respondents report room for improvement in their security program or protocols in order to protect its public facing mobile apps from basic attacks and the consequences that come with it.
App development teams rely on operating system security, even though the vast majority agree it’s not enough.
- Despite 81% agreeing that iOS standard security isn’t enough and 84% saying the same about Android, 96% are relying to some extent if not completely on the end users’ mobile operating systems for app security.
- Though teams report spending an average of 2 months or around 41% of the dev lifecycle per app on security, apps are still not secure enough.
- 79% of responders’ organizations experienced at least 1 security incident within the past 12 months.
- The majority (75%) of responders state security is the most impactful aspect of mobile app development within their organization – ahead of performance (63%) and end user experience (47%).
While there are many consequences to a mobile app security breach, the most common are reputational damage, data loss, damage to customer loyalty/trust and mobile app downtime. According to responders, 45% said it takes three or more days to respond to a security incident. Brands rely on mobile apps for additional revenue channels, extension of the brand on mobile and to create a consistent experience for the user across all channels. With the downside of a breach resulting in the loss of a user, the stakes are high for brands to deliver on security.
The pressures of regulatory requirements and speed to market can add up, on top of prioritizing customers’ in-app user experience. Building mobile apps that are secure by design will go a long way toward reducing the number of incidents, costs of remediation, and overall risk.
Vason Bourney surveyed more than 500 respondents across the Americas, Europe, Middle East and Asia-Pacific. Organizations ranging from 200-2,500+ employees participated, with job titles such as information technology, software engineering and development among the respondents.
To review the report, please visit: https://insights.guardsquare.com/state-of-mobile-application-security-report
Guardsquare is the global leader in mobile application protection. More than 650 customers worldwide across all major industries rely on Guardsquare to secure their mobile applications against reverse engineering and hacking. Built on the open source ProGuard technology, Guardsquare software integrates transparently in the development process and adds multiple layers of protection to Android (DexGuard) and iOS (iXGuard) applications hardening them against both on-device and off-device attacks. With the addition of ThreatCast, its mobile application security console, Guardsquare offers the most complete mobile security solution on the market today. Guardsquare is based in Leuven, Belgium with a US office in Boston, MA.