A government watchdog has uncovered security and privacy flaws in mobile applications launched by the General Services Administration.
The GSA’s Office of Inspector General disclosed Thursday in a report that four mobile apps launched by GSA did not comprehensively address mobile security risks, such as weak server-side controls and insecure data storage.
“GSA lacks comprehensive standards for mobile application security, privacy, and development, increasing risk to deployed mobile applications,” the IG report concluded.
The report also said GSA has failed to develop standards for mobile apps to ensure they include privacy notices.
While the report did not identify the applications, one example of a mobile app offered by GSA allows travelers to look up federal government per diem rates by locality throughout the U.S. on their mobile phones.
“The lack of privacy notices could reduce the public’s confidence that GSA will appropriately use their information,” the report stated.
Nonetheless, the IG found GSA was making progress on its IT strategic goal of providing enhanced mobile access to GSA information, while fulfilling milestones under the White House’s digital government strategy.
To strengthen mobile computing initiatives, the IG issued several recommendations to GSA, including ensuring that mobile apps undergo required security and privacy authorizations.
In an Aug. 22 letter, GSA chief information officer Casey Coleman said the agency agreed with the IG findings and recommendations.