Veracode have a new report on the State of Software Security
(requires registration) that makes interesting reading for mobile developers. Of particular concern is that cryptographic issues still affect a sizeable portion of Android (64%) and iOS (58%) applications. Hard-coding a cryptographic key directly into the mobile application is common.
Here’s the distribution of vulnerabilities across iOS and Android…
Considering Android only, Cryptographic issues affect 64% of apps and information leakage occurs in 26% of applications. However I would think that what constitutes ‘information leakage’ might be open to interpretation.
See the report
for more analysis of iOS and BlackBerry vulnerabilities.