With mobile applications quickly becoming as powerful and popular as their web-based predecessors, the time has come for both developers and users to have serious discussions regarding security. It seems as though the cyber criminal community has run out to an early lead in the mobile channel, and keeping application control a low-level priority will only widen the gap.
Developing a defense
Any structure is only as good as its foundation, and in the world of mobile apps, it’s developers wearing the hard hats and laying the blueprints. And as any responsible architect should know, form must follow function.
One of the most obvious and important distinctions to be made is the fact that mobile apps are inherently more portable than their desktop counterparts. Now that developers know that users will be taking their products on the go, several unique safeguards should be put in place.
For instance, smartphones and tablets face a much higher physical security risk. While it’s fairly easy to keep tabs on desktops and even laptops, the smaller gadgets can easily slip out of messenger bags or be swiped off a desk with users none the wiser. As a result, according to BankInfoSecurity, developers should think about additional levels that can be added to their layered security frameworks to prevent exploitation by unauthorized device users.
Additionally, developers need to acknowledge the differences that distinguish one mobile operating system from another. Developers have been particularly active in the Android ecosystem, favoring its relatively open architecture and massive user base. But by the same token, Android devices have been a magnet for cyber criminals intent on exploiting everything from coding errors to consumer naivety.
Apple’s operating systems have fared better, by comparison, but iOS apps carry risks of their own. For instance, the operating system is hardwired to take screenshots of apps before they are backgrounded in exchange for another program. If these images find their way in front of the wrong audience, the results could be disastrous.
As a result, it is in a developer’s personal and professional interests to create applications with airtight security mechanisms which keep user data safe from prying eyes. According to BankInfoSecurity, this should include code auditing, threat modeling and penetration testing – at the very least.
Using good judgment
Once developers put the finishing touches on their mobile apps and push them out into the world, the obligation of responsible use falls to the customer. After all, that is what they’re agreeing to when they tap “Agree” on the terms and conditions page.
While there is only so much trouble you can get into with a fantasy football score tracker, a growing proportion of mobile apps are taking on a financial dimension. The most obvious example is the rise of mobile payment processing tools like Square, but just about any mobile utility bred for the business world could open the door to corporate accounts if exploited.
For those device owners who are using mobile apps for job-related tasks, there’s a good chance that their employer has provided them with a whitelist to work from, or soon will. More companies are even going so far as to create their own enterprise app stores from the ground up.
But in the interim, the majority of downloads will still be launched in third-party application marketplaces such as Google Play or the App Store. While these mobile app clearinghouses are tightly regulated, more than a few bad seeds have managed to slip through the cracks and find their way onto the devices of users who were only attempting to do the right thing and go through approved channels.
As a result, mobile app security must become a more proactive pursuit. According to Fox Business, simple moves like password protection, GPS tracking and remote device wiping can go a long way toward restoring order amid chaos and mitigating, if not preventing, security incidents.
Where do you get the majority of your mobile apps? How much do you really know about their developers? What security provisions have you put in place? Let us know what you think in the comments section below!