5 Challenges in Mobile App Security

Everyone nowadays has a mobile device (or two or three). So, when creating mobile applications, make sure AppSec standards are adhered to.

by Rohit Akiwatkar · Apr. 15, 17 · Opinion

Smartphones and mobile applications are an essential part of our lives. With mobile apps, we can play games, book a flight, socialize, and buy groceries. Recently, mobile apps have made inroads into banking and the financial sector, where confidential details are exchanged. A security breach in a mobile application can lead to data theft, IP theft, unauthorized access, and fraud. From the business perspective, imperfect mobile app security can lead to dissatisfied customers, revenue loss, and, eventually, a tarnished brand image.

Mobile App Infographic

Challenges in Mobile App Security

1. Device Fragmentation

Mobile application testing needs to cover a multiplicity of mobile devices with different capabilities, features, and limitations. Identifying security vulnerabilities specific to each device makes performance testing a difficult task. The testing team can’t test releases as fast as the development team produces them, so testing becomes a bottleneck in the release process. This also leads to the production of low-quality apps. Most apps are built for an iOS, Android, or Windows environment, but each operating system (OS) comes in different versions, each with a different set of vulnerabilities. Testing the app on each version is time-consuming and requires the application tester to be aware of the loopholes.

2. Tools for Mobile Automation Testing

A reasonable approach to fragmentation requires automated testing. But traditional testing tools like Selenium or QuickTest Professional (QTP) weren’t designed with cross-platform use in mind, so the automation tools for mobile apps and web applications are different. While many test automation and testing tools for mobile have emerged, there is a dearth of full-fledged standard tools that can cater to every step of security testing. The common mobile automation testing tools are Appium, Robotium, and Ranorex.

3. Weak Encryption

A mobile app can accept data from all kinds of sources. In the absence of sufficient encryption, attackers could modify inputs such as cookies and environment variables. Attackers can bypass security when authentication and authorization decisions are made based on the values of these inputs. Recently, hackers targeted Starbucks mobile users to siphon money out of their Starbucks mobile app. Starbucks confirmed that its app was storing usernames, email addresses, and passwords in clear text. This allowed anyone with access to the phone to see passwords and usernames just by connecting the phone to a PC.
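The cookie point above, as an added example that is not part of the original article: a back end that trusts a client-editable `role` field, beside a version that binds the fields with a server-side HMAC-SHA256 tag so any modification is detected. The cookie layout, function names, and key handling are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed for the example: a secret that exists only on the back end.
SERVER_KEY = secrets.token_bytes(32)

def _fields(payload: str) -> dict:
    return dict(p.split("=", 1) for p in payload.split(";") if "=" in p)

def is_admin_untrusted(cookie: str) -> bool:
    """Weak pattern: the decision rests on a value the client can edit."""
    return _fields(cookie).get("role") == "admin"

def issue_cookie(user: str, role: str, key: bytes = SERVER_KEY) -> str:
    """Bind user and role together with a tag computed server-side."""
    if any(c in v for v in (user, role) for c in ";="):
        raise ValueError("field separators are not allowed in values")
    payload = f"user={user};role={role}"
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload};sig={tag}"

def is_admin_verified(cookie: str, key: bytes = SERVER_KEY) -> bool:
    """Hardened pattern: refuse the cookie unless the tag matches the payload."""
    payload, sep, tag = cookie.rpartition(";sig=")
    if not sep:
        return False  # unsigned cookie
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # payload changed after it was issued
    return _fields(payload).get("role") == "admin"
```

The tag provides integrity, which is what detects modification; encrypting the value without authenticating it would not.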

4. Weak Hosting Controls

When creating their first mobile applications, businesses often expose server-side systems that were previously inaccessible to outside networks. The servers on which your app is hosted should have security measures to prevent unauthorized users from accessing data. This includes your own servers and the servers of any third-party systems your app may be accessing. It’s important for the back-end services to be secured against malicious attacks. Thus, all APIs should be verified, and proper security methods should be employed to ensure that only authorized personnel have access.

5. Insecure Data Storage

In most popular apps, consumers enter their password once when activating the payment portion of the app and then use it again and again to make unlimited purchases without having to re-enter their password or username. In such cases, user data should be secure, and usernames, email addresses, and passwords should be encrypted. For example, in 2012 a flaw in Skype data security allowed hackers to open the Skype app and dial arbitrary phone numbers using a simple link in the contents of an email. Design apps in such a way that critical information such as contact details, passwords, and credit card numbers does not reside directly on a device. If it does, it must be stored securely.
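A check a test team could run against files pulled from a test device, covering both the clear-text storage described under Weak Encryption and the storage guidance above. This is an added example, not code from the original article; the field-name list, the "looks encrypted" heuristic, and the sample files (an Android-style preferences XML and a log file) are assumptions and constructed data.

```python
import re
import xml.etree.ElementTree as ET

# Field names that suggest credentials or personal data (assumed list).
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|user(name)?|e?mail|card|token", re.I)
# Values that look like ciphertext or a digest: long base64/hex runs (heuristic).
OPAQUE = re.compile(r"^[A-Za-z0-9+/_=-]{32,}$")
# key=value or "key": "value" pairs as they appear in logs and JSON-like files.
PAIR = re.compile(r"[\"']?([\w.]+)[\"']?\s*[:=]\s*[\"']?([^\"',;&\s}]+)")

def pairs_from(name: str, text: str):
    """Yield (key, value) pairs from a prefs-style XML file or any text file."""
    if name.endswith(".xml"):
        try:
            for el in ET.fromstring(text).iter():
                key = el.get("name")
                if key:
                    yield key, (el.text or el.get("value") or "").strip()
            return
        except ET.ParseError:
            pass  # malformed XML: fall through to the line scanner
    for line in text.splitlines():
        yield from PAIR.findall(line)

def find_cleartext(files: dict) -> list:
    """Return (file, key) for sensitive fields whose value is readable as-is."""
    hits = []
    for name, text in files.items():
        for key, value in pairs_from(name, text):
            if SENSITIVE.search(key) and value and not OPAQUE.match(value):
                hits.append((name, key))
    return sorted(set(hits))

# Constructed sample: files as they might be pulled from an app's data directory.
SAMPLE = {
    "shared_prefs/account.xml": (
        "<map><string name='username'>alice</string>"
        "<string name='password'>hunter2</string>"
        "<string name='session_token'>"
        "q1Zx8Lr0Tn4Vb7Yc2Wd9Ke5Hf3Jg6Ma0Pu1Si8Oe=</string>"
        "<int name='launch_count' value='12'/></map>"
    ),
    "files/session.log": "login ok email=alice@example.com pwd=hunter2 lat=1.5",
}
```

The opaque-value test is a heuristic: a long alphanumeric password stored in the clear would pass it, so a clean result narrows the review rather than replacing it.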

Businesses should define standard secure practices during application development. Considering the following concerns, they can ensure security across every aspect of mobility operations:

  • Data: How does the application fetch and display data?
  • Network: How does the application access networks?
  • Device: How vulnerable is the device to loss or theft?
  • Application: How securely and effectively is the application coded?

Businesses should apply their mobile strategy diligently to make sure their mobile developers think through the unintended consequences of app design and security. Delivering an easy-to-use app will decrease brand value if it puts customer or enterprise data at risk.


Published at DZone with permission of Rohit Akiwatkar. See the original article here.

Opinions expressed by DZone contributors are their own.
