Around 46% of mobile applications have been found to be using improper encryption, a new HP study revealed.
According to the latest Cyber Risk Report 2013, mobile app developers often neglect to use encryption when storing confidential information on mobile devices and rely on vulnerable algorithms to do so, or exploit tougher encryption capabilities, leaving them less effective.
HP Enterprise Security Products chief technology officer Jacob West said adversaries today are more adept than ever and are collaborating more effectively to take advantage of vulnerabilities across an ever-expanding attack surface.
"The industry must band together to proactively share security intelligence and tactics in order to disrupt malicious activities driven by the growing underground marketplace," West said.
The report added that the overall openly exposed vulnerabilities dropped by 6%, with the high-severity vulnerabilities dropping by 9% during 2013.
HP research also found that about 80% of applications comprised vulnerabilities embedded outside their source code.
Among all browsers, Internet Explorer topped the list of highly targeted entities by HP Zero Day Initiative (ZDI) vulnerability, accounting for over half of vulnerabilities acquired by the programme.
The report also added that Sandbox bypass vulnerabilities, which are mainly caused by insecure reflection would turn out to be the most prolific issue in the Java framework.
