It seems like there is no limit to the things you can accomplish with mobile devices. Just when you think there is something your mobile device cannot do, they create an app for it.
Because of how versatile mobile devices are, we find ourselves using them to do our banking, to monitor our fitness, to keep in touch with the people we care about, to control the devices in our home, and to track our location. There is probably more information stored about you on your mobile device than there is in almost any other place.
You trust your device with all of this information because you believe that the applications you are using have been well engineered with security in mind. That being said, there are a whole host of potential security issues that could arise with mobile apps. If you are looking at designing a mobile app in 2019 or are simply a mobile app customer, you will be interested in the following four tips to secure privacy and data protection in mobile apps.
With the growing rate of malware designed specifically for mobile applications, developers should be cautious right from the initial design stages. In a recent interview with Security Week’s Kevin Townsend, he stated, “Smartphone malware infections increased by 96% over the year to April 2016; smartphones account for 78% of all mobile infections.” Similar statements have been made by the community-focused group Privacy Canada, which shows that a large amount of malware originates from China. With the increase in these technologies, precaution is the first step to protection.
- Secure the Code from Start to Finish
As an app designer, security needs to be at the forefront of your design process from day one. This means realizing that, unlike web applications, where the data and software are stored on a secure server and the browser simply serves as an interface, with native apps the code is on the device once it’s downloaded. This makes mobile apps more susceptible to individuals who have nefarious intent.
A mistake that you often see is businesses focusing their energy and resources on securing network and data components. This is important, but it is pointless if the app itself is not secure. Things like developer error or improper testing of code can open your app up to attackers.
This is why developers are encouraged to protect their app code with encryption. The code should be difficult to read. That being said, you should remember the importance of things like runtime memory, the file size, battery usage, etc. Your app should be secure, but it should not put a drain on the device resources your users have available.
- Test Your Software, and Then Test It Again
As we mentioned at the outset, mobile applications are being produced at an astonishing rate. This means that if you have an idea for an app, you can be sure that in short order someone else is going to have a similar idea. This puts a lot of stress on developers to get their apps out as quickly as possible. Unfortunately, testing falls by the wayside.
Testing app code is essential in app development. In addition to testing for usability and functionality, you should test for security. Testing should include a deliberate probing of the network or system with the goal of identifying weaknesses. Authorization and authentication issues should be scrutinized. Data security issues and session management issues should also be addressed.
Do not take it for granted that your app is secure. Take advantage of emulators to test how your app will operate on different operating systems or browsers. Just because it functions securely in one environment does not mean that it will function securely in all environments.
- Understand the Ins and Outs of Customer Data Security with Mobile Apps
We cannot stress this point enough. The code and the data from mobile devices are stored on the device itself. The more data that is stored on a device as opposed to on a server, the greater the vulnerability. Mobile apps can leak a customer’s data without the user being aware of it. This includes information that the user may consider unimportant, such as their age, their location, or how they use their device. However, in the wrong hands all of this information can be used to do some very bad things.
We encourage the use of file-level encryption. This way, each file is protected on a file-by-file basis. When this form of encryption is used, data at rest cannot be read, even if the data is intercepted.
Extra care is needed when handling a customer’s sensitive information, including things like their credit card information, Social Security number, address, etc. If possible, this information should not be stored directly on the device but on a secured server. If it is necessary to store the information on the device, the storage should be encrypted.
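The file-level encryption described above, as an added example in plain Java using the standard `javax.crypto` API (it is not code from the original article). Each file gets its own random nonce and has its name bound into the authentication tag, so a stored file that is modified or swapped fails to decrypt; the class name, file name and sample data are made up, and the key is generated in memory here on the assumption that a real app would keep it in the platform keystore.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;

public class FileLevelEncryption {          // hypothetical class name
    private static final int NONCE_LEN = 12, TAG_BITS = 128;

    // Encrypts one file; the file name is bound as associated data so that
    // ciphertext copied over a different file fails authentication.
    static void writeEncrypted(Path file, byte[] plaintext, SecretKey key) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);            // fresh nonce on every write
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(file.getFileName().toString().getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(plaintext);               // ciphertext followed by the tag
        Files.write(file, ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array());
    }

    // Reads nonce || ciphertext || tag and throws AEADBadTagException on any change.
    static byte[] readDecrypted(Path file, SecretKey key) throws Exception {
        byte[] blob = Files.readAllBytes(file);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, NONCE_LEN));
        c.updateAAD(file.getFileName().toString().getBytes(StandardCharsets.UTF_8));
        return c.doFinal(blob, NONCE_LEN, blob.length - NONCE_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();   // assumption: a real app loads this from the keystore
        Path profile = Files.createTempDirectory("appdata").resolve("profile.json");
        byte[] sample = "{\"zip\":\"00000\"}".getBytes(StandardCharsets.UTF_8); // constructed data
        writeEncrypted(profile, sample, key);
        System.out.println(new String(readDecrypted(profile, key), StandardCharsets.UTF_8));

        byte[] raw = Files.readAllBytes(profile);
        raw[raw.length - 1] ^= 1;                       // simulate a modified file on disk
        Files.write(profile, raw);
        try { readDecrypted(profile, key); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```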
- Secure Your Mobile Device
App developers can do a lot to make sure that the apps you download are secure. But, at the end of the day, it’s up to you to keep your mobile device secure. A simple solution is using passcodes. A survey showed that 64 percent of people do not use passcodes. That’s just foolish. You are giving your phone and all of your personal information to anyone who simply swipes the phone. And, remember, 1234 is not a good passcode.
Security also involves you being selective with the applications that you download. Sure, that new unknown app from a third-party provider may look great, but you have no idea whether or not it is secure. This is why we recommend that you purchase apps from trusted app stores. This includes Amazon, Android Market, and iTunes. Read reviews, and do your due diligence before giving out personal information. Be especially diligent when interacting with financial applications.
Do not click on suspicious links. For some reason, people are three times as likely to click on a link that seems suspicious if it’s on their cell phone as opposed to being on their PC. Finally, keep software up-to-date. Many apps will automatically update themselves. Or your mobile device will warn you that an application you have is out of date or needs to be updated. Take these updates seriously as they often include security improvements that will keep your mobile device, your personal information, and your online data safe.
We would love to hear from you. Let us know what tips or suggestions you have for app developers or what steps you take as a user to secure privacy and data protection in mobile apps.