More than three-quarters of mobile apps would fail basic security testing, says Gartner

More than three-quarters of mobile applications would fail basic security testing, according to market research firm Gartner.

That prediction is the strategic planning assumption in its 2014 Magic Quadrant for Application Security Testing report.

Gartner explains that mobile application security testing analyzes apps "for coding, design, packaging and deployment conditions that are indicative of security vulnerabilities. Testing can also point to application functions that conflict with an enterprise's security policies (for example, testing can raise warnings that an application accesses the corporate calendar or contact list, or transmits corporate information to external locations)."

Vendors named to the report's leaders quadrant are HP, IBM, Veracode and WhiteHat Security. While all of them offer mobile app security testing, they come up short in some respects, says Gartner.

For example, HP's mobile app security testing product does not cover "all spectrums of features when it comes to behavioral analysis, proactive testing, MDM [mobile device management] integration and commercial app reputation ratings." IBM's mobile offering "does not include behavioral analysis, commercial application ratings and proactive testing. However, integration with IBM MDM Fiberlink is planned."

Veracode "does not offer mobile testing as a tool or virtual appliance, but only as a cloud service," while WhiteHat "does not offer automated behavioral testing [and]…does not offer reputation service, proactive testing and integration with MDM."

In its report, Gartner observes: "Global-scale scandals around critical applications' breaches have highlighted the need for effective detection of exploitable application security vulnerabilities. Application security testing is the solution for Web, cloud and mobile applications."
