According to recent research, 52 percent of security leaders say the pressure to move fast is still at play in their organization. And although most are confident in their organization’s security posture, it seems that confidence may be a bit misplaced, since these same leaders report that 21% of serious findings discovered are unresolved.
However, the consequences of choosing expediency over security can be significant, particularly when developing and testing mobile applications. In the interest of time to market, many mobile applications are merely tested once a year, despite experiencing changes due to patches and updates. The consequences can be significant, as was recently demonstrated with the speed to market of the Perplexity AI chatbot Android app.
The number of AI tools, and mobile apps that leverage AI, has been accelerating at a dizzying pace. Yet mobile application security testing may be viewed as an afterthought when building these applications. One of the most recent examples of Android app security testing is Perplexity’s launch of Perplexity Assistant. Recently released for Android in January, it’s an AI-powered tool designed to enhance the functionality of its search engine. However, as with many apps in the Google Play Store, buyer beware, since speed to market often means sacrificing security.
How Vulnerabilities in Popular Apps Underscore Security Gaps
An article in Dark Reading reported that security researchers discovered 10 bugs in Perplexity’s Android app—exposing tens of thousands of daily users to increased risk over the past four months. Interestingly enough, many of these threats are highlighted by OWASP as part of their key mobile risks.
Researchers found a wide range of potential risks, including the ability to compromise communication to the application and insecure network configurations, increasing the risk of a network-based attack. Additionally, the researchers found numerous risks with medium range CVSS scores, but if exploited, could result in significant consequences.
Clearly speed to market should not be put before security in mobile application development, they should co-exist. That’s why we built the Corellium Virtual Hardware platform for secure mobile application development.
Automated Mobile Security Testing with Corellium Viper
Corellium Viper enables continuous, mobile application security testing, on a virtualized hardware platform, for deeper visibility into data security risk during development. Integrates seamlessly into your mobile application development process and helps identify risk before negative impact to the data security or compliance for mobile applications.
Get your free trial of Coreillium Viper with MATRIX and build security into your plans for meeting your mobile application development timelines.
