Mobile app developers pay little attention to security

It appears that despite the increasing threat of cyberattacks, any large mobile app developers—including Fortune 500 companies—haven’t put too much effort into ensuring the security of their products.

According to a study of more than 400 large organizations by the Ponemon Institute and IBM security, the average company tests less than half of the apps they build, while one-third never test their apps.

On average, these organizations spend $34 million on mobile app development. However, just 5.5 percent of this amount is spent on mobile security. Furthermore, 50 percent of these organizations don’t even have a dedicated budget for mobile security.

Instead, these companies tend to prioritize speed to market and user experience, with the study finding that they scan their products for security issues late in the process—if at all—leaving vulnerabilities hackers are finding increasingly easy to exploit.

According to the study, 65 percent of organizations put the security of their apps at risk in order to satisfy customer demands or needs, while 77 percent blame “rush to release” pressures as a reason why mobile apps contain vulnerabilities. And while some companies actually scan their apps for vulnerabilities before sending them to market, the study found that only 15 percent of them test them with enough frequency to be effective.

“Building security into mobile apps is not top of mind for companies, giving hackers the opportunity to easily reverse engineer apps, jailbreak mobile devices and tap into confidential data,” said Caleb Barlow, vice president of mobile management and security at IBM, in a release. “Industries need to think about security at the same level on which highly efficient, collaborative cyber criminals are planning attacks.”