A recent article about an industry pentesting report amplified a common refrain: moving fast is more important than moving securely. In fact, according to this latest research, more than half of security leaders say this pressure is still at play in their organization. And although most are confident in their organization’s security posture, that confidence may be a bit misplaced, since these same leaders report that nearly one-third of serious findings discovered are unresolved.
However, the consequences of choosing expediency over security can be significant, particularly when developing and testing mobile applications. In the interest of time to market, many mobile applications are tested only once a year, even though they change through patches and updates. The speed to market of the Perplexity AI chatbot Android app recently demonstrated those consequences.
The number of AI tools, and of mobile apps that leverage AI, has been growing at a dizzying pace. Yet mobile application security testing may be viewed as an afterthought when building these applications. One of the most recent examples is Perplexity’s launch of Perplexity Assistant. Released for Android in January, it’s an AI-powered tool designed to enhance the functionality of its search engine. However, as with many apps in the Google Play Store, buyer beware, since speed to market often means sacrificing security.
Just last week, an article in a security industry publication noted that researchers found 10 bugs in the app, increasing the risk to the tens of thousands of users who have been downloading the app daily for the past four months. Interestingly enough, many of these threats are highlighted by OWASP as part of their key mobile risks. The researchers found a wide range of potential risks, including the ability to compromise communication to the application and insecure network configurations, which increase the risk of a network-based attack. Additionally, the researchers found numerous risks with medium-range CVSS scores that, if exploited, could result in significant consequences. Clearly, speed to market should not be put before security in mobile application development; the two should co-exist. That’s why we built the Corellium Virtual Hardware platform for secure mobile application development.
Corellium Viper enables continuous mobile application security testing on a virtualized hardware platform, for deeper visibility into data security risk during development. It integrates seamlessly into your mobile application development process and helps identify risk before it negatively impacts the data security or compliance of your mobile applications. Get your free trial of Corellium Viper with MATRIX and build security into your plans for meeting your mobile application development timelines.