Security vulnerability class [49] | Type | All apps, n = 79 (%) |
---|---|---|
Insecure data storage | Unencrypted data storage (of any data) | 73 (92 %) |
Unencrypted username/password | 8 (10 %) | |
Unencrypted personal or sensitive informationa | 42 (53 %) | |
Insufficient transport layer protection | Identifying information sent without encryptionb | 23 (29 %) |
Sensitive information sent without encryption | 6 (8 %) | |
Unintended data leakage | Username/password captured in network cache or log | 2 (3 %) |
Health-related information sent to third parties | 8 (10 %) | |
Fixed device identifier used as user identifier | 9 (11 %) | |
Weak server-side controls | Unencrypted access to server-side API | 16 (20 %) |
Access to user data without authorization | 2 (3 %) |