Appdome Blog

How Do Developers Work with Mobile Application Security?

November 07, 2017


Mobile devices and mobile applications are thriving! New types of mobile devices are introduced to the market each year, along with an ever-increasing user base around the world. The Pew Research Center published a very insightful Mobile Fact Sheet in 2017 on the mobile device landscape. Another good read is from Smart Insights. Here are some interesting stats from both sites:

  • 77% of all Americans today own smartphones and this number is growing every single year.  
  • In 2015, GlobalWebIndex published a report that says 46% of all shoppers use their smartphones to complete their purchases.
  • In 2016, 12% of all American citizens did all of their internet usage on their phones while at home and did not have a broadband connection at their residence.

Attackers who target mobile applications very commonly try to:

  • Copy the application code of a secure mobile application and rebuild a very similar imitation application that contains malware
    • Inserted malware can record keystrokes, steal the device’s lock passcodes, access information on the mobile device, and do other catastrophic things.
  • Steal secure customer data for harmful and dangerous purposes.
  • Obtain confidential business assets and intellectual property.

For more information on other malicious intentions hackers have, read UpWork Global Resource.

According to SCMagazine, a growing number of companies and organizations allow all users to bring in their own mobile devices. This Bring Your Own Device (BYOD) movement continues to make mobile applications a much larger and more tempting target for attackers. Many mobile applications hold very broad permissions on mobile devices, which can be used to remotely gain control of the device and access all of the device’s data.

With the intensive use of applications on mobile devices, it is natural to wonder whether the applications are secure. Are they keeping information on the application, device and end user safe? For businesses, security is a top priority as they cannot afford a data breach. What can businesses do to keep their applications and end users secure? Here’s a helpful list to start:

  1.   Build, integrate, and fuse all applications with other services, including security, to keep all of the business’ information safe.
  2.   Build applications with Checksums to ensure the integrity of the files used in a mobile application. A mobile app binary and a mobile application are both considered files.
  3.   Use whitelisting in applications to identify and control the websites that an application can access.
  4.   Use SSL Certificate Validation and Pinning in applications.
  5.   Address Mobile Malware developers who obtain your apps and redistribute them globally with malicious code inside the app(s).
  6.   Utilize Data at Rest Encryption in applications, because data on mobile devices is at risk from malicious apps and physical theft.
  7.   Obfuscate the mobile app code to help prevent reversing of the mobile application, which would be very harmful to all users of the application.
  8.   Build all applications with Anti-tampering to add a protective layer that mitigates modification.
  9.   Ensure applications can detect if users are on an infected device (i.e. Jailbroken or Rooted) and stop those users from using the application, for security purposes.

Build in Anti-debugging features to protect mobile apps from reversing techniques.
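To illustrate item 2 of the list above, here is an added example (not Appdome's code and not from the original post) of a checksum-based integrity check. It assumes the app package is a zip archive, as APK and IPA files are; the file names and contents are constructed sample data.

```python
import hashlib
import hmac
import io
import zipfile


def build_manifest(package_bytes):
    """Map every entry in the package (a zip, like an APK or IPA) to its SHA-256."""
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        return {name: hashlib.sha256(pkg.read(name)).hexdigest()
                for name in pkg.namelist()}


def verify_package(package_bytes, trusted_manifest):
    """Return a sorted list of findings; an empty list means the package matches."""
    findings = []
    actual = build_manifest(package_bytes)
    for name, expected in trusted_manifest.items():
        if name not in actual:
            findings.append(("removed", name))
        elif not hmac.compare_digest(actual[name], expected):
            findings.append(("modified", name))
    # Entries that were never in the release build are reported as well.
    for name in actual.keys() - trusted_manifest.keys():
        findings.append(("added", name))
    return sorted(findings)


def make_package(entries):
    """Build a constructed sample package in memory (hypothetical file names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, data in entries.items():
            pkg.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: the release build and a repackaged copy of it.
RELEASE = make_package({"classes.dex": b"app code",
                        "res/config.json": b'{"api": "prod"}'})
REPACKAGED = make_package({"classes.dex": b"app code + injected payload",
                           "res/config.json": b'{"api": "prod"}',
                           "lib/extra.so": b"unexpected library"})
TRUSTED = build_manifest(RELEASE)  # recorded at build time

if __name__ == "__main__":
    print(verify_package(RELEASE, TRUSTED))
    print(verify_package(REPACKAGED, TRUSTED))
```

The trusted manifest only helps if it is kept where a repackager cannot rewrite it, for example signed or held server-side.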

So how can you build your applications following these great Security Best Practices, without adding months to development time, and without needing to grow your mobile developer team?

For more information and an answer to this big question, download The Ultimate Guide to Mobile App Security.

At Appdome, we make it easy for mobile app developers to consider and embed the necessary security in all their mobile apps to avoid malicious attacks.