None of the leading mobile browsers have security that's up to snuff, according to researchers at Georgia Tech.
"We found vulnerabilities in all 10 of the mobile browsers we tested, which together account for more than 90% of the mobile browsers in use [in the U.S.]," Patrick Traynor, assistant professor at Georgia Tech's School of Computer Science, said in a school press release.
On mobile browsers, even experts have trouble determining the legitimacy of a website due to the lack of graphic indicators such as a lock icon that show when a browser is using the security protocols secure sockets layer (SSL) or transport layer security (TLS).
Such icons amd indicators, present on almost all desktop browsers, quickly tell users whether the site they're visiting is secure and legitimate. Examples include the HTTPS address prefix and the padlock icon that appears when users are entering sensitive data like payment information.
The World Wide Web Consortium (W3C) puts forth specific guidelines as to how SSL and TLS should be implemented, something desktop browsers typically do well. When it comes to their mobile counterparts, the W3C recommendations don't seem to be taken as seriously. Because people regularly use their smartphones to shop and conduct banking transactions, that's a big problem.
"Research has shown that mobile browser users are three times more likely to access phishing sites than users of desktop browsers," said Chaitrali Amrutkar, the main author of the Georgia Tech paper. "Is that all due to the lack of these SSL indicators? Probably not, but giving these tools a consistent and complete presence in mobile browsers would definitely help."
Mobile developers are constantly faced with the challenge of creating an enjoyable browsing experience on a display that's only a fraction of the size of a desktop. But a malware-ridden or hacked phone isn't enjoyable at all.
Once developers figure out a smart and consistent way to implement SSL and TLS, Traynor said, everyone will be more secure and better served.