
RIIS Publishes Second Annual Report Rating Security of Popular Dating Apps

(Troy, MI) RIIS, LLC, an IT services firm specializing in mobile application development and professional services, announced the publication of their latest Android Security Report, and the second annual look into popular dating apps.

Just in time for Valentine’s Day, 2015, this new report “gives a rose” to only one dating app for following security measures, but notes that it is mostly because the app is structured more as a mobile website than as an app.

eHarmony completely redid their Android app recently, but the username and password are still exposed. For the second year in a row we’ve been able to recover someone’s username and password on Match.com.

Godfrey Nolan, President of RIIS LLC, said, “We’re trying to make the world a safer place, one dating app at a time.” He added, “App developers don’t realize that the hacker tools are changing; what we couldn’t find last year we can now find using new tools like jadx.”

RIIS researched mobile apps developed by 5 of the major online dating organizations. Scoring is based on how well the app developers mitigated these 10 mobile app security risks:

  1. Weak Server Side Controls
  2. Insecure Data Storage
  3. Insufficient Transport Layer Protection
  4. Unintended Data Leakage
  5. Poor Authorization and Authentication
  6. Broken Cryptography
  7. Client Side Injection
  8. Security Decisions Via Untrusted Inputs
  9. Improper Session Handling
  10. Lack of Binary Protections

The Index, complete with the names of the apps studied and their issuing companies, is available for download here.

Along with the Index, visitors will find:

  • Top 10 mobile app security risks and what they mean for app development.
  • An overview of mobile app security that helps non-technical owners understand risks.
  • Solutions for mobile app security including utilities to secure files, flag security risks and audit code.