OWASP Top 10 for Mobile Apps: M5 – Insufficient Cryptography
Cryptography, at its core, is the practice of securing communication and data through the use of algorithms and keys. For mobile apps, cryptography plays a crucial role in securing sensitive data, ensuring privacy, and maintaining the integrity of user interactions. However, *insufficient cryptography* occurs when an app fails to implement cryptographic algorithms or methods correctly, resulting in data being exposed or vulnerable to unauthorised access.
The issue of insufficient cryptography is particularly critical in mobile applications because of the increasing amount of sensitive information that these apps handle, such as financial data, personal identification information, passwords, and private conversations. Insufficient cryptography in this context means that sensitive data is not encrypted properly, or that weak or deprecated encryption methods are used, leaving the data open to attackers who can intercept, manipulate, or steal it.