The State of Mobile App Security 2022

Osterman Research Report

Findings Reveal Both the Increased Importance of Mobile Apps and The Relative Lack of Focus on Runtime App and Data Protection

Mobile apps have become key tools for businesses to serve customers, earn revenue, and enable remote work by employees. Over the last two years, mobile apps have become critical to success for the majority of businesses.

In this report, we present the findings of a survey into the state of mobile app security in 2022, encompassing survey respondents from across the United States and the United Kingdom. The survey and white paper were commissioned by Approov.

API Keys Stored in Mobile Apps

A 30-minute webinar on July 26 will reveal additional findings.


Key Takeaways from the report:

  • Three out of four respondents report that mobile apps are now “essential” or “absolutely core” to their success: This is three times higher than two years ago.
  • Secure development practices are essential but offer only partial protection: They do not eliminate the threat of run-time attacks against mobile apps and APIs.
  • Run-time attacks against APIs that render mobile apps non-functional prove costly to 75% of organizations: Attacks include data theft via API abuse, fake account creation, and credit fraud, among others.
  • Organizations lack visibility into run-time threats against mobile apps and APIs: 60% of organizations report that they do not have visibility into these threats.
  • Reducing threats arising from hardcoded API keys is a priority: With about half of mobile apps storing API keys as hardcoded secrets, the use of more than 30 third-party APIs per mobile app creates a significant run-time threat space. 55% of respondents place high priority on removing the need to store API keys and other hardcoded secrets in mobile apps.
  • Organizations prioritize accelerating time-to-market for new features over security: One half of respondents report that, for competitive reasons, their organizations may ship apps with known insecurities, and two-fifths of respondents report that their organization’s security processes for both third-party and in-house developers are weak and insufficient.
© 2022 CriticalBlue, Ltd.