You know the commercial slogan, "There's an app for that"? There are days I wish there was an app that would alert us to the potential security risks of other apps. No, not an anti-virus app or an app that protects the phone (although those are very good to have and I strongly suggest you download one to your phone). No, I mean an app that would alert you if an application leaves sensitive information vulnerable to the bad guys.
Why do I mention this? Because a company called ViaForensics has pointed out how many popular apps are leaving smartphones at risk. A CNET article reported:
According to the security firm's appWatchdog study, a slew of companies, including Foursquare, LinkedIn, Netflix, and Wordpress earned a "fail" rating on storing sensitive data securely. Netflix's Android application, for example, failed to "securely store passwords," ViaForensics said. Surprisingly, the iPhone version of the Netflix app earned the highest "pass" rating for securely storing passwords.
A Wall Street Journal article explained that some of these apps in the Android platform, like Netflix, are not storing passwords and other information in an encrypted form, leaving the data vulnerable.
There are some iPhone apps with issues as well. The Wall Street Journal stated:
ViaForensics also found the iPhone version of Square's mobile payments app exposed a user's transaction amount history and the most recent digital signature of a person who signed an electronic receipt on the app.
In addition, LinkedIn was found to be vulnerable on both the Android and iPhone platform.
CNET expressed my feelings exactly, saying that the ViaForensics results are discouraging. I'd add disappointing, too, because you'd think by now companies would be doing a whole lot more to make sure their applications are secure.
The takeaway from this? Until we can know how safe apps are, be very wary of what information you store on your phone.