Top Mobile Security Threats to Consider When Developing an App

As the demand for mobile apps and technology continues to rise, so do the security threats. As we all learned just a few days ago, even the US government is vulnerable to them.

According to BBC:

Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said.

Although we cannot prevent all security threats, we believe that everyone should have a plan in place to mitigate them. Attacks that proved successful on PCs are now being aimed at unwitting mobile devices, because attackers focus on the weakest link in the chain. That is why I wanted to share the top mobile security threats and risks we have identified:

1)  Authentication and Authorization:  The apps and the systems they connect with should be properly protected with authentication and authorization methods. You should have a procedure in place to block unauthorized devices, users and scripts as soon as they are identified.

2)  Insecure Data Storage:  You should limit storage of data such as usernames, auth tokens, passwords, etc. on the device, but where it is necessary, have a plan to secure this information.

3)  Client Side Injection:  Although there is software to help prevent this on the app side, attackers can send untrusted data through your system if it is vulnerable to injection. Identify every source of input and validate it before you deploy your app.

4)  Security Decisions Via Untrusted Inputs:  Attackers can change any information in a request or customize the inputs they send; you need to detect when these changes occur.
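As an added example (not code from the original post), the following server-side handler shows what "not trusting the inputs" looks like in practice: every value that drives a security decision (who the user is, what the price is) comes from server-held data, and any attempt by the client to set those fields is recorded so it can be detected. The catalog, session table, field names and HTTP mapping are constructed for illustration.

```python
"""Server-side handling of an order request from a mobile client.

Added example, not from the original post. The catalog, the session table
and the request field names below are constructed for illustration.
"""
import logging
from dataclasses import dataclass

log = logging.getLogger("order-api")

# Constructed server-side catalog: the only source of truth for prices (cents).
CATALOG = {"sku-001": 1999, "sku-002": 4999}

# Constructed session table: user identity comes from the session, never the body.
SESSIONS = {"tok-abc": {"user_id": 42, "role": "customer"}}

# Fields the server decides itself; a client that sends them is tampering.
SERVER_OWNED_FIELDS = ("price_cents", "total_cents", "user_id", "role")


@dataclass
class Order:
    user_id: int
    sku: str
    quantity: int
    total_cents: int


class RejectedRequest(Exception):
    """Raised when a request cannot be trusted; the caller maps it to HTTP 400/403."""


def tampered_fields(body: dict) -> list:
    """Return the server-owned fields the client tried to set (detection signal)."""
    return [field for field in SERVER_OWNED_FIELDS if field in body]


def place_order(session_token: str, body: dict) -> Order:
    """Build an Order using only server-held data for every security decision.

    The client may send price, user_id or role fields, but they are ignored:
    the server recomputes the total, derives the user from the session, and
    logs the mismatch so tampering attempts show up in monitoring.
    """
    session = SESSIONS.get(session_token)
    if session is None:
        raise RejectedRequest("unknown or expired session")

    sku = body.get("sku")
    if sku not in CATALOG:
        raise RejectedRequest("unknown sku")

    quantity = body.get("quantity")
    # type() rather than isinstance(): bool is a subclass of int in Python.
    if type(quantity) is not int or not 1 <= quantity <= 100:
        raise RejectedRequest("quantity out of range")

    for field in tampered_fields(body):
        log.warning("client supplied server-owned field %s for user %s",
                    field, session["user_id"])

    total = CATALOG[sku] * quantity  # recomputed; any client-sent total is ignored
    return Order(user_id=session["user_id"], sku=sku,
                 quantity=quantity, total_cents=total)
```

The warning log line is the detection hook: an app that legitimately never sends `total_cents` or `role` makes any request containing them an anomaly worth alerting on, independent of whether the rest of the request was rejected.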

5)  Side Channel Data Leakage:  This is an attack based on information gained from the physical implementation of an encryption system, rather than on brute force or theoretical weaknesses in the algorithms.

6)  Broken Cryptography:  Ensure that the cryptography you are employing is stable and has not yet been broken.

7)  Improper Session Handling:  Have you ever been in the middle of checking your bank account online when your attention is called away? You return to your computer to see a message like, “Session Timed Out – Please Login Again”.  Do you have a process in place like this for your mobile app?
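Items 1, 2 and 7 above meet in the session layer behind the app, so here is one added example (not code from the original post) that covers all three: the server issues a random token it never lets the client choose, stores only a hash of it so a leaked table does not hand out live sessions, and expires the session on both an idle timeout and an absolute lifetime. The timeouts, the in-memory table and the injectable clock are constructed for illustration; on the device the token belongs in the platform keystore (Keychain or Android Keystore), not in plain preferences or logs.

```python
"""Session lifecycle for an API that backs a mobile app.

Added example, not code from the original post. The timeouts and the
in-memory store are constructed for illustration; a real deployment keeps
the table in a database or cache.
"""
import hashlib
import secrets
import time

IDLE_TIMEOUT = 15 * 60         # seconds without activity before re-login
ABSOLUTE_LIFETIME = 12 * 3600  # hard cap, regardless of activity


def _fingerprint(token: str) -> str:
    # Only the hash is stored server-side. A database leak then yields no
    # usable tokens, and because the lookup key is a hash rather than the
    # token itself, timing differences in the lookup reveal nothing about
    # the token (the side-channel concern from item 5).
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be tested without sleeping
        self._sessions = {}   # fingerprint -> {"user_id", "created", "last_seen"}

    def login(self, user_id: int) -> str:
        """Issue a fresh random token; the client never chooses its own id."""
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[_fingerprint(token)] = {
            "user_id": user_id, "created": now, "last_seen": now}
        return token

    def resolve(self, token: str):
        """Return the user id for a live session, or None (the caller answers 401)."""
        fp = _fingerprint(token)
        rec = self._sessions.get(fp)
        if rec is None:
            return None
        now = self._clock()
        idle_too_long = now - rec["last_seen"] > IDLE_TIMEOUT
        too_old = now - rec["created"] > ABSOLUTE_LIFETIME
        if idle_too_long or too_old:
            del self._sessions[fp]  # expire it for good, do not just ignore it
            return None
        rec["last_seen"] = now       # sliding idle window
        return rec["user_id"]

    def logout(self, token: str) -> None:
        """Explicit logout invalidates the session server-side, not only on the device."""
        self._sessions.pop(_fingerprint(token), None)

    def live_sessions(self) -> int:
        return len(self._sessions)
```

The absolute lifetime is what turns the "Session Timed Out, Please Login Again" message into a guarantee: a stolen token is useless after at most twelve hours even if the thief keeps it active, and a logout revokes it immediately rather than leaving it valid until the device forgets it.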

8)  Insufficient Transport Layer Protection:  Again, there is software to help with this, but data exchange must be protected as it travels across the network and the internet: “threat agents” can use techniques to view sensitive data while it’s traveling across the wire.

9)  Weak Server Side Controls:  The servers that your app accesses, internal and external, should have security measures in place to prevent unauthorized users from accessing data.

10)  Sensitive Information Disclosure:  Although this is not an app threat as such, ensure that your users understand what type of information could be disclosed, and is therefore at risk, when they use your app.

BONUS)  Insecure Data Storage:  The back end systems where your mobile data is stored should be secure; consult experts to determine the steps you should take to secure information such as usernames, location data and other personal information. Keep in mind that application logs can also be useful to hackers.

Contact Us if you are interested in learning more about how we have helped our clients protect against these and many more mobile threats.

Alex Otañez

June 5, 2015

Alex has more than 10 years of international experience in Strategic IT Transformation and Custom App Development. His expertise in various industries ranges from Consumer Goods to Retail to Finance while assisting clients in the areas of Business Strategy & Development, Security & Compliance, and Technology Transformation. As one of Shockoe’s founding members, Alex is focused on business strategy, security & compliance, digital innovation, mobile management, and operational transformations.
