The fact that limited-purpose apps like the RSA Conference one have vulnerabilities is not very surprising considering that serious security issues have been found in the past in apps dealing with much more sensitive data. Researchers from IOActive recently found vulnerabilities in many mobile banking apps from financial institutions around the world.
"Security flaws in mobile applications (particularly these rapidly developed and targeted apps) are endemic, and I think the RSA example helps prove the point that there are often inherent risks in even the most benign applications," Ollmann said.
The RSA Conference organizers did not immediately respond to a request for comment.
If a corporate marketing team decides to release a mobile application, the app's security and integrity is their responsibility, Ollmann said. "While you can't outsource that, you can get another organization to assess the application on your behalf."