How Secure is Your Mobile App?
A long time ago, in a galaxy far, far away, people used phones primarily to call each other. Strange, huh? Today, in this galaxy, many of us depend on our phones to take care of everyday tasks like waking up on time, keeping track of our calories, and sharing photos and updates. Need movie tickets? Tap, tap, and done. Want to track your credit history and get free credit scores? Yep, you can do that, too.
Organizations have embraced mobile apps as a way to improve employees’ productivity and align with their new agile and mobile lifestyle, but are these mobile applications really secure and protected from malicious hackers?
To put this concern into perspective, recent research from many sources determined that among the top paid and free mobile applications:
- 100% of the top 100 paid apps on the Google Android platform had been hacked
- 56% of the top 100 paid apps for Apple iOS had been hacked
- 73% of popular free apps on Android had been hacked
- 53% of popular free apps on Apple iOS had been hacked
Fundamentally, this happens because security is hard. At TEDMOB we always try to explain to our clients the importance of securing the app. Hackers are experts in security, which is why we have a team of experts who pay special attention to building a secure app while coding.
The following core security features help you build secure apps; don’t say we don’t give free advice! :)
Secure the Code:
The first part is to secure your code. We look for tools that help our developers detect and close security vulnerabilities and then harden their applications against reverse engineering and tampering. However, “consumer apps” still represent a threat as they may not undergo the appropriate hardening process; and if rogue applications, malware and enterprise apps share the same device, the threat is tangible.
- The App Sandbox, which isolates your app data and code execution from other apps.
- An app framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
- Technologies like ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD calloc, and Linux mmap_min_addr to mitigate risks associated with common memory management errors.
- An encrypted file system that can be enabled to protect data on lost or stolen devices.
- User-granted permissions to restrict access to system features and user data.
- App-defined permissions to control application data on a per-app basis.
Device security features like device lockdown and the blacklisting of suspicious apps or apps from unknown sources can also enhance the protection of data from hackers. Always keep your phone safe so no one can hack your apps and passwords.
Other small pointers we at TEDMOB pay attention to in securing our apps are listed briefly below:
The most common security concern for an app is whether the data that you save on the device is accessible to other apps. There are three fundamental ways to save data on the device: internal storage, external storage, and content providers.
The following paragraphs describe the security issues associated with each approach.
Using internal storage
By default, files that you create on internal storage are accessible only to your app.
Using external storage
Files created on external storage, such as SD cards, are globally readable and writable. Because external storage can be removed by the user and also modified by any app, don't store sensitive information using external storage.
Using content providers
Content providers offer a structured storage mechanism that can be limited to your own app or exported to allow access by other applications. Few development companies keep an eye on these details, but here at TEDMOB we hire developers who breathe, eat and drink coding and security.
Using permissions, requesting permissions and creating permissions are also some of the things you have to pay attention to. If I went on talking about security, the list would be very long. What is important to know is that sometimes you just need experts in app security.
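The storage points above can be checked mechanically in an app's manifest. The following is an added example, not code from the original post or from TEDMOB: it flags requests for external-storage permissions and content providers that are exported without both read and write permissions. The package and provider names are constructed, and the manifest is assumed to be the plain-text XML from the source tree, not the binary form inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
EXTERNAL_PERMS = {"android.permission.READ_EXTERNAL_STORAGE",
                  "android.permission.WRITE_EXTERNAL_STORAGE"}

def attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def audit_manifest(xml_text):
    """Return (kind, subject) findings for a plain-text AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        if attr(perm, "name") in EXTERNAL_PERMS:
            # External storage is readable and writable by other apps: review what goes there.
            findings.append(("external-storage", attr(perm, "name")))
    for prov in root.iter("provider"):
        name, exported = attr(prov, "name"), attr(prov, "exported")
        read_ok = attr(prov, "permission") or attr(prov, "readPermission")
        write_ok = attr(prov, "permission") or attr(prov, "writePermission")
        if exported is None:
            # The default depends on the target SDK level, so require an explicit value.
            findings.append(("provider-exported-implicit", name))
        elif exported == "true" and not (read_ok and write_ok):
            findings.append(("provider-exported-unguarded", name))
    return findings

# Constructed sample manifest (not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application>
    <provider android:name=".PrivateProvider" android:authorities="com.example.notes.private"
              android:exported="false"/>
    <provider android:name=".SharedProvider" android:authorities="com.example.notes.shared"
              android:exported="true"/>
    <provider android:name=".GuardedProvider" android:authorities="com.example.notes.guarded"
              android:exported="true" android:permission="com.example.notes.ACCESS"/>
    <provider android:name=".LegacyProvider" android:authorities="com.example.notes.legacy"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for kind, subject in audit_manifest(SAMPLE):
        print(f"{kind}: {subject}")
```

A provider that sets only `android:readPermission` is still reported, because writes to it remain open to other apps.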
Following these practices as general coding habits reduces the likelihood of inadvertently introducing security issues that adversely affect your users.
The bottom line:
Don't be afraid to enjoy the convenience of mobile apps, or even to build a mobile app, but proceed with caution.
Know what you're signing up for (and who's providing it!) before you download a new application to your smartphone, and come to the right people who have experience in building secure apps. Before too long, it may replace them both!
If you have any further questions in this regard, don’t hesitate to drop us an email at firstname.lastname@example.org.