Mobile App Security: Securing your mobile phone in the BYOD era is not an easy matter. However, you can start by taking into account the four steps that we outline below. In the era of technological development of mobile devices, as well as the appearance of more and more mobile apps that facilitate users, the issue of mobile phone security is not simple, and certainly not an easy task.
The dangers are lurking and a burning question is torturing all users: are mobile apps safe and protected from malicious hackers?
New data proves that there is not much room for improvement. The percentages of the study of 640 businesses by the Ponemon Institute for IBM are alarming: The average business checks less than half of the apps for security issues before they are distributed to the market. This omission can irreparably expose their users' data and makes them vulnerable to potential cyber attacks.
Have many companies adopted the bring-your-own device (BYOD) tactic? 55% allow employees to use and download professional apps to their personal devices, according to a Ponemon survey. Even more worrying is the fact that about 67% of the companies surveyed allow their employees to download non-vetted apps to their professional devices.
So how can we protect ourselves in the age of BYOD? A good start is the four simple steps:
Issue # 1: Create Secure Apps
Mobile malware exploits vulnerabilities or bugs in the code of mobile apps. Using the most secure mobile app development practices, including using source code scanning tools, can help mobile apps resist these types of attacks. It is also important to analyze the code from third parties, or from any app that is allowed to coexist in phones used by employees. In this case the executables should be scanned.
Issue #2: Protect your device
Η ασφάλεια ενός app είναι ένα θέμα που συνδέεται άμεσα με την ασφάλεια της συσκευής στην οποία εγκαθίσταται. Μια απροστάτευτη συσκευή η οποία έχει γίνει modified από τον κάτοχό της ή από ένα unauthorized app για να προσπεράσει το οperating system security, μπορεί να δεχθεί την εγκατάσταση οποιουδήποτε app από οποιαδήποτε πηγή. Αυτές οι συσκευές γνωστές ως jailbroken ή rooted συσκευές, είναι πολύ ευαίσθητες σε mobile malware.
But the worst part is that attackers using mobile malware do not rely solely on jailbroken devices to achieve their goals. Even users who overuse mobile permissions applications —often by default—can also leave a path open for malware, such as basic services, plain SMS, for example.
Issue #3: Prevent the theft / leakage of data
When mobile apps have access to data, both personally and privately, documents are usually stored on the device itself. If the device is lost, or data is shared with unauthorized apps, there is a high risk of theft or leakage of this data.
Issue #4: Exclude high-risk access
Mobile is designed to interact with backend services. For example, mobile banking apps allow users to transfer money to third parties while mobile CRM apps allow vendors to update their predictions and access critical data.
Using context and risk factors (for example, if the device is compromised or the location / time is suspicious), you are likely to prevent or block access to your systems.
