The importance of mobile apps to business success has tripled over the past two years, but over three-quarters of security leaders and app developers are not confident in their organization's ability to stop cyber threats targeting apps.
The State of Mobile App Security in 2022 report from Approov and conducted by Osterman Research surveyed 302 security directors and mobile application development professionals in the United States and United Kingdom at large enterprise organizations about their mobile application security practices. The report identified multiple trends in the mobile app security space, including a lack of visibility into security practices and threats.
Three out of four respondents indicate mobile apps are now “essential” or “absolutely core” to their success, up from one out of four two years ago. What's more, an attack against APIs that rendered a mobile app non-functional would have a significant or major effect on 75% of businesses.
Security threats to mobile applications
Despite a seemingly high level of risk awareness and business consequences, 78% of respondents are not highly confident that their organizations have the appropriate level of security defenses and protections in place to protect against specific threats posed by mobile apps.
Sixty percent of respondents lack visibility into credit fraud attempts; 59% lack visibility into the creation of fake accounts, 51% lack visibility into secrets exposed on mobile platforms; and 50% cannot detect access by cloned, fake or tampered apps.
On average, mobile apps depend on more than 30 third-party APIs, and half of the mobile developers surveyed are still storing API keys in the app code, constituting a massive attack surface for bad actors to exploit.
For more app security information, read the report.