As marketers and IT professionals strive to gain a competitive advantage in the marketplace by developing mobile applications for their consumers, hackers continue to work behind the scenes to exploit sensitive organizational and consumer data. Today, WikiLeaks released information which identified how the CIA gained access through vulnerable mobile applications in order to gather information stored on devices, such as emails, contacts, credit card information, passwords, global positioning data, etc. Businesses and consumers have to be just as vigilant in securing their mobile apps as they are with their computers by ensuring antivirus software and patches for operating systems and programs are continually updated.
Companies must remain diligent in their efforts to ensure consumers are not receiving mobile apps that provide gateways to their data/information. This could tarnish a brand and could affect their bottom line immensely. Just imagine if the Amazon or Uber mobile apps were hacked and led to access to the great empire of data and analytics they possess, especially the active credit card and banking information these entities hold.
The top 5 reasons vulnerabilities exist with mobile applications are:
- Bad Storage Practices: Normally caused by inexperienced programmers who store compact data on local devices. “Cryptographic key hard-coding into the app can be accessed using mobile forensic tools.”
- Malware: Android mobile apps are more vulnerable to malware due to Google Play’s open format. Google Play programs normally come as a standard application already installed on Android phones.
- Unauthorized Access: Bad apps normally request access to other programs. Therefore, users must understand the risks when allowing this access.
- Lack of Encryption: A common encryption framework must exist to securely protect users’ data.
- Data Leaks from Syncing: Data leaks have occurred where user data syncs with the cloud. Password breaches that exposed user data to hackers have occurred.
Mr. Ben Wizner, the director of the American Civil Liberties Union’s Speech, Privacy, and Technology Project states:
“Those vulnerabilities will be exploited not just by our security agencies, but by hackers and governments around the world.” “Patching security holes immediately, not stockpiling them, is the best way to make everyone’s digital life safer.”
It is a known fact that vulnerabilities exist on some phones and devices before a mobile application is even installed. Additionally, there are applications camouflaged as legitimate resources that have ulterior motives, as they are intentionally designed to gather our data. After researching this topic, I have come to the conclusion that it is vital that we perform some research before uploading mobile apps to our phones or devices, unless we are willing to share this information with the world.
Ways to check to see if your application is secure
- Mobile application source code analyzer tools are available on the market that sandbox the application, check it for flaws and perform manual analysis.
- When testing is not an option, you can request a copy of the app’s latest security vulnerability assessment and penetration test report.
- Businesses should also include mobile apps as part of their information security programs.
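As an added illustration (not from the original post or any vendor's tool), the sketch below shows the kind of check a source code analyzer runs for the hard-coded cryptographic key problem listed under Bad Storage Practices. It assumes Java source for an Android app; the sample source, the naming heuristic and the length and entropy thresholds are all constructed for this example.

```python
import math
import re

# Constructed sample of Android (Java) source; not taken from any real app.
SAMPLE_SOURCE = '''\
package com.example.notes;

import javax.crypto.spec.SecretKeySpec;

public class Vault {
    private static final String API_KEY = "q7Zp2LxV9tRb4KfHs8WdYc3NmJ6gTuEa";
    private static final String APP_NAME = "Notes";
    SecretKeySpec bad() {
        return new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
    }
    SecretKeySpec ok(byte[] fromKeystore) {
        return new SecretKeySpec(fromKeystore, "AES");
    }
}
'''

# A string literal passed straight into a key constructor.
KEY_CTOR = re.compile(r'new\s+SecretKeySpec\(\s*"([^"]+)"')
# A constant whose name suggests a secret, assigned a string literal (assumed heuristic).
NAMED_SECRET = re.compile(r'(?i)\b\w*(key|secret|token|passw)\w*\s*=\s*"([^"]+)"')

def shannon_entropy(s):
    """Bits per character; random key material scores high, words score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def find_hardcoded_keys(source, min_len=16, min_entropy=3.5):
    """Return (line_number, rule, literal) for each suspected embedded key."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = KEY_CTOR.search(line)
        if m:
            findings.append((lineno, "literal-in-key-constructor", m.group(1)))
            continue
        m = NAMED_SECRET.search(line)
        if m:
            literal = m.group(2)
            if len(literal) >= min_len and shannon_entropy(literal) >= min_entropy:
                findings.append((lineno, "high-entropy-named-constant", literal))
    return findings

if __name__ == "__main__":
    for lineno, rule, literal in find_hardcoded_keys(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}: {literal[:4]}...")
```

A finding here means the key ships inside the app package, so the fix is to move key material into the platform keystore or fetch it at run time rather than to obfuscate the literal.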