What Can We Do as Mobile App Developers in This BYOD Era?
Today we live in a mobile environment. There are more mobile devices connected to the Internet than human beings in the world. This has given us more freedom to choose to work from anywhere, anytime and given us the flexibility to take care of other important matters.
The question is: Are we prepared for that?
These are facts taken from recent research undertaken by Arxan:
- 97% of the top 100 paid apps on the Google Android platform have been hacked
- 56% of the top 100 paid apps for Apple iOS had been hacked
- 73% of popular free apps on Android had been hacked
- 53% of popular free apps on Apple iOS had been hacked
The numbers are alarming
Remember that many of these mobile applications are developed by professionals and large teams, perhaps with security experts involved in the development process. Why are they still hacked?
Mobile security is a tricky business and developers are taking it far too lightly. The plethora of hacking tools which are freely available virtually guarantee that poorly protected or unprotected apps will be exploited. All of us need to be more careful when designing and building mobile apps to meet stricter security requirements.
Security in BYOD days
It’s more relevant now in the Bring Your Own Device (BYOD) era. Almost every company wants to ride the tech wave and allow their employees to bring their own mobile devices to enhance both the business and employee productivity. While this represents a big opportunity for all of us, without proper approach to security, it brings even more risks. According to OWASP, some of the top mobile security risks relate to broken cryptography, weak server side control and insufficient transport layer control.
Broken cryptography can result in unauthorized retrieval of sensitive information from the mobile device which has different business impacts.
- Typically it results in information or code theft, privacy violation and reputation damage
- Insufficient transport layer control leads to identity or account theft which in turn makes the business vulnerable to fraud
- Weak server side means that through the mobile interface, hackers are able to feed malicious inputs or unexpected sequences of events to the vulnerable endpoint
And for the company as a whole, it simply means sensitive data exposure, broken authentication, the possibility of cross-site scripting, and much more.
What’s next for app developers?
We need to build secure apps the right way. Being a paid developer and serious coder who also codes for fun on the weekend, I’d like to script and code everything. However what might be adventurous and interesting for me can pose risk to others if I don’t do it properly.
Would it be better to maintain application development and security management separately? Should we isolate each portion? Perhaps not… Maybe the application should be self-aware in terms of security.
Is there a way to solve this easily?
What if there was some sort of security snippet that I could just use to snap security into my applications? I wouldn’t have to spend any more time dealing with this nuisance and could focus my energy on writing code. Don’t get me wrong – security is important. I absolutely believe that we should build secured mobile apps, but wouldn’t it be nice to have a no-fuss solution?
As V3’s Alastair Stevenson has observed, this means we need to explore; to find a new way to tackle these challenges; to cease relying on traditional approaches which have obviously failed.
What could be this new approach? I’ll go into details in the next post. In the meantime, feel free to share your thoughts with us.
Now back to my code…
Connect to me on Linkedin or follow me on Twitter @alesteska.
Most Recent Articles
- C-ITS ITS-S Security microservice
- C-ITS PKI as a Service
- Creative Dock, TeskaLabs, Indermedica, Czech Ministry of Industry and Trade and Line 1212 launch the indicative test for new COVID-19 coronavirus
- Cyber-health with a password and an antivirus program is not enough
- TeskaLabs at the ETSI 1st C-V2X Plugtest
You Might Be Interested in Reading These Articles
Google has introduced new rules about how mobile app developers and companies deal with customer impact on apps across the board. What is it?
The new regulations call for increased transparency with regards to how apps make use of customer data. Developers need to ensure that the way they handle user data - from how they collect it to what it might be used for - is perfectly clear to all users. In Google’s words, developers must “limit the use of the data to the description in the disclosure”. In layman’s terms, this means that data use and privacy policies need to be clearly visible on app descriptions in the Google Play store, and not simply within the app itself.
Published on October 10, 2017
4 Common Mobile Point of Sale (POS) Security Issues Affecting Retailers That POS Providers Need to Act On
As mobile point-of-sale applications and systems are picking up speed at retailers around the world replacing traditional one, they become appealing targets for cybercriminals allured by the amount of consumer data entered in POS systems whether through unauthorized access, mobile malware or hacking the backend.
Published on January 03, 2017
Gartner reports that by the end of 2015, 75% of mobile apps will fail basic security tests. Over 2/3 of large enterprises have been breached via mobile applications. Each security breach up costs up to $3 million/year. The estimated annual cost of mobile cyber breaches is around $50 billion, globally and increasing.
Published on January 12, 2016