Encryption flaws can be found in over 80 percent of mobile devices and an application written in the scripting languages PHP, ColdFusion and Classic ASP are more prone to having serious flaws.
Veracode’s State of Software Security Report claims that developers have botched encryption in seven out of eight Android apps and 80 percent of iOS apps. SQL injection vulnerabilities were found to affect 64 percent of applications in Microsoft’s Active Service Pages (Classic ASP), 62 percent of ColdFusion and 56 percent of PHP apps.
Four encryption flaws affect most of the apps developed for Android and iOS phones and two-thirds of apps use inadequate decline to keep the data secure. Other big problems include clear text storage of information, failing to correctly validate certificates, and using broken or weak cryptographic algorithms.
“These things are easy to fix, but they are so pervasive it goes to show that the mobile developers are really ignorant about how to write good crypto code,” Chris Wysopal, CTO of Veracode commented.
This article originally appeared on - SC Magazine UK