Table 4.
A summarized table of negative results regarding backends of Android and iOS apps. Negative observations are counted for the functional or other category on a per-app basis when it was present in at least one of the apps’ servers.
| Security issues | Android (functional), n=30 | iOS (functional), n=30 | Android (others), n=30 | iOS (others), n=30 | Total (functional), n=60, n (%) | Total (others), n=60, n (%) |
| --- | --- | --- | --- | --- | --- | --- |
| Qualys SSL Labs non-A rating | 14 | 14 | 24 | 24 | 28 (47) | 48 (80) |
| Server only offers TLS<sup>a</sup> version <1.2 | 5 | 3 | 0 | 1 | 8 (13) | 1 (2) |
| Server without set cipher order | 7 | 5 | 4 | 1 | 12 (20) | 5 (8) |
| Certificate (chain) validation issues present | 9 | 5 | 14 | 6 | 14 (23) | 20 (33) |
| Downgrading vulnerabilities | 5 | 4 | 8 | 7 | 9 (15) | 15 (25) |
| Servers outside the EU<sup>b</sup> | 24 | 21 | 30 | 30 | 45 (75) | 60 (100) |
| Missing forward secrecy support | 2 | 2 | 1 | 1 | 4 (7) | 2 (3) |
| Unsecure connection/s observed | 10 | 10 | 10 | 8 | 20 (33) | 18 (30) |
<sup>a</sup>TLS: Transport Layer Security.
<sup>b</sup>EU: European Union.