A study has revealed that a large percentage of smartphone apps are storing sensitive personal data of the owner, reports Wired. The study was conducted by digital security firm ViaForensics and included testing of about 100 consumer smartphone apps.
The testing of the smartphones was done over a period of eight months. Different categories of apps for iOS and Android platforms were tested in the study. Among the apps tested were social networking applications, mobile banking software, etc.
The study showed that some 76% of the apps tested were storing cleartext usernames on the devices. About 10% of the tested apps stored passwords on the phone in cleartext. App data – the private information exchanged using the applications – was recovered from 69% of tested apps.
“If I get my hands on someone’s lost phone, it could take me ten minutes to find an account username and password,” said Ted Eull, technology services vice president at ViaForensics, during an interview with Wired.
The study revealed that Mint.com’s iPhone and Android apps stored user transaction history and balance information on the phone. The Android version of the Mint app was found to store the user’s PIN unencrypted on the phone.
Apple’s iOS-based apps performed better in the study and consistently scored higher marks than Android apps.