According to ViaForensics, most Android and iOS apps are still not secure with regards to storing sensitive personal information. This is sheds new light on smartphone security because up until now the focus has been on the security systems of the particular platform but not the apps that go with them.
According to a recent study that looked at both iOS and Android apps, it turned out that 76% of all apps store usernames in clear text without any encryption. Meanwhile, 10% of these apps store passwords in the same manner. More worryingly, it turns out that this is true of apps that come from a wide variety of categories. The study itself included apps from financial, social networking, productivity and retail.
The grading system for the apps was based on a simple pass/fail/warning system. Accordingly, apps that “passed” the test were those that managed to securely store essential data such as usernames, passwords, application data, etc. Meanwhile, apps that failed to pass the test were those that failed to do so. Apps that were not completely secure but not at a significant risk, were given a warning.
When the results came out, it turned out that 17 apps passed, 39 failed and 44 got warnings.
Financial apps: This category did best; 14 apps passed, 18 failed and 10 got warnings. While this may not be particularly encouraging by itself, the firm noted that many developers had begun adding encryption features that further enhanced the security of such apps. The few financial apps that actually failed the test included Mint (iOS and Android), Square (iOS) and Wikinvest (iOS)
Retail apps:  None of these apps passed the test but only 2 out of 14 actually failed.
Productivity apps: These apps did not do too well; 3 out of 35 failed.  A major concern was that these apps were storing sensitive information in clear text including information for gmail, iPhone mail, WordPress and Yahoo Mail.
Social networking apps were the worst; 14 failed and the remaining 5 got warnings.  It was discovered that these apps did not not encrypt usernames and most of them did not secure passwords and application data.
Overall iOS apps did slightly better than Android app, but given the dismal results, it hardly makes a difference.