When people ask me which smartphone they should buy from the security point of view, I invariably advise them to get an iPhone.

The malware attacks that have been seen against iOS devices have typically been sophisticated state-sponsored campaigns, focusing on high-risk targets. Apple’s tight hold on iOS security may not have won it universal love, but compared with the significant amount of malware and adware written for Android devices, it’s clear that there’s no contest.

Furthermore, there is no doubt that Apple has done a much better job of keeping its iPhone and iPad customers patched with the latest operating system security updates than many of the Android manufacturers – some of whom have left their users in the lurch with badly out-of-date and at-risk software.

But malware and operating system vulnerabilities aren’t the only considerations.

The truth is that the most significant threat is probably not your chances of encountering malware, or whether your OS is properly patched, but rather the third-party apps that you have installed on your device.

After all, you don’t know what your apps are *really* doing, do you, or how well they’re keeping your sensitive information safe and secure?

New research has discovered scores of buggy iOS apps that do a lousy job of securing users’ information, and could be making life all too easy for hackers keen to intercept and steal data.

Security researcher Will Strafach says that he was able to identify 76 popular apps in the official App Store that failed to make use of the Transport Layer Security (TLS) protocol, and allowed a malicious attacker to silently perform a man-in-the-middle (MiTM) attack, stealing or manipulating data as it is sent and received from the mobile device.

“The truth of the matter is, this sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use. This can be anywhere in public, or even within your home if an attacker can get within close range.”

“There is no possible fix to be made on Apple’s side, because if they were to override this functionality in attempt to block this security issue, it would actually make some iOS applications less secure as they would not be able to utilize certificate pinning for their connections, and they could not trust otherwise untrusted certificates which may be required for intranet connections within an enterprise using an in-house PKI. Therefore, the onus rests solely on app developers themselves to ensure their apps are not vulnerable.”
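The developer-side responsibility the quote describes, as an added example (not from the original article or from Strafach's research): a `URLSession` delegate that accepts any certificate, next to one that trusts only an in-house CA and still checks the hostname. It assumes an app built on `URLSession`; the class names and the `anchors` parameter are hypothetical, and the article does not say how the 76 apps were actually written.

```swift
import Foundation
import Security

// INSECURE (shown for contrast): accepts whatever certificate the server presents,
// so any party on the network path can impersonate the server.
final class TrustEverythingDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if let trust = challenge.protectionSpace.serverTrust {
            completionHandler(.useCredential, URLCredential(trust: trust)) // no evaluation at all
        } else {
            completionHandler(.performDefaultHandling, nil)
        }
    }
}

// HARDENED: trusts only the in-house CA certificates passed in (hypothetical, loaded
// by the app from its bundle), checks the hostname, and cancels on any failure.
final class InHouseCADelegate: NSObject, URLSessionDelegate {
    private let anchors: [SecCertificate]
    init(anchors: [SecCertificate]) { self.anchors = anchors }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil) // not a TLS trust challenge
            return
        }
        // Evaluate the chain as a TLS server certificate for this exact host,
        // anchored only at the in-house CA rather than the system trust store.
        let policy = SecPolicyCreateSSL(true, space.host as CFString)
        guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
              SecTrustSetAnchorCertificates(trust, anchors as CFArray) == errSecSuccess,
              SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess,
              SecTrustEvaluateWithError(trust, nil) else {
            completionHandler(.cancelAuthenticationChallenge, nil) // fail closed
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}
```

An app that talks only to publicly trusted servers needs neither delegate method: leaving the challenge to `.performDefaultHandling` keeps the system's own certificate validation in place.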

Strafach, who works for Sudo Security Group, reports that the apps have received a combined total of more than 18 million downloads.

On Strafach’s list are a number of apps which he classifies as “low risk” despite it being possible to intercept their data. These apps, some of which can leak usernames and passwords, geolocation data and even keystrokes, include:

- ooVoo – Free Video Call, Text and Voice
- VivaVideo – Free Video Editor & Photo Movie Maker
- Snap Upload for Snapchat – Send Photos & Videos
- Uconnect Access
- Volify – Free Online Music Streamer & MP3 player
- Uploader Free for Snapchat – Quick Upload Snap from Camera Roll
- Epic! – Unlimited Books for Kids
- Mico – Chat, Meet New People
- Safe Up for Snapchat – Quick Upload photos and videos from your camera roll
- Tencent Cloud
- Uploader for Snapchat – Quick Upload Pics & Videos to Snapchat
- Huawei HiLink (Mobile WiFi)
- VICE News
- Trading 212 Forex & Stocks
- 途牛旅游-订机票酒店火车票汽车票特价旅行
- CashApp – Cash Rewards App
- FreeMyApps – Free Cash, Money & Gift Card
- 1000 Friends for Snapchat – Get More Friends & Followers for Snapchat
- YeeCall Messenger-Free Video Call & Conference Call
- InstaRepost – Repost Videos & Photos for Instagram Free Whiz App
- Loops Live
- Privat24
- Private Browser – Anonymous VPN Proxy Browser
- Cheetah Browser
- AMAN Bank
- FirstBank PR Mobile Banking
- vpn free – OvpnSpider for vpngate
- Gift Saga – Free Gift Card & Cash Rewards
- Vpn One Click Professional
- AutoLotto: Powerball, MegaMillions Lottery Tickets
- Foscam IP Camera Viewer by OWLR for Foscam IP Cams
- Code Scanner by ScanLife: QR and Barcode Reader

However, it appears that these “low risk” apps discovered by Will Strafach are just the tip of the iceberg.

The researcher has declined to post details of the remaining apps that are considered to be at “medium” or “high risk”, as he says he is in the process of reaching out to affected banks, medical providers and other developers to get the vulnerable apps fixed – subject to a two- or three-month responsible disclosure period.

If you’re concerned, one thing to remember is that your chances of having data intercepted are greatly reduced if you use a cellular connection (which requires a hacker to deploy expensive specialist hardware) rather than Wi-Fi.