OWASP mobile top 10 security risks explained with real world examples

Kristiina Rahkema
The Startup
7 min read · May 17, 2019

As mobile application developers, we should be familiar with the security risks that a mobile application might face. Knowing these risks makes it easier to avoid pitfalls and write more secure applications.

OWASP (Open Web Application Security Project) is an online community of security specialists who have created freely available learning materials, documentation and tools to help build secure web and mobile applications. Among other things, they have compiled a list of the 10 most common threats to mobile applications.

Although the documentation by OWASP is excellent, I still had a difficult time understanding how these risks can be taken advantage of in the real world and how vulnerable the applications we use every day can really be.

In this article, I will try to give you a short overview of the top 10 mobile risks and provide examples of real-world disclosed vulnerabilities for each risk. This article should motivate you to think more about the security of the app you are developing.

Statistics

Before we look into each risk in more detail, let’s talk about statistics. The most popular apps on the App Store and on the Google Play store should not be vulnerable to these risks, right? Right? Unfortunately, they are.

Kristiina Rahkema

I’m an iOS developer with an interest in app security. I’m also a PhD student and junior researcher working on static analysis for mobile applications.