Mobile App Security Threats: An Overview
In this digital world, many of us own a smartphone and install all the must-have apps, be it Clash of Clans while commuting, WhatsApp, Facebook or Twitter for communicating, banking apps for mobile banking, shopping apps for one-touch home delivery, or any other smart app that makes our lives easy.
Now, whenever we think of the security of these apps, we assume that the developers / companies have taken all the security measures while developing the app. And if the app is bought from a verified app store, it is taken for granted that it must be completely secure. Well, we might be wrong! Most smartphones / applications do get attacked, and all our information is bound to be stolen if the app is not secure enough.
Gartner predicts that nearly 2.2 billion smartphones will be shipped to end users by the end of 2014. With the rising number of smartphones and tablets, hackers have now shifted their focus from desktops to mobile devices. According to Gartner, by 2017, 75% of mobile security breaches would be the result of mobile app misconfiguration.
Whom do they target the most?
According to Kaspersky, a leading developer of threat management systems, Android devices are the most susceptible to malware attacks. Android’s open architecture not only makes it easy for app developers to use but also makes it an easy target for hackers. This is not limited to Android phones, though: iOS devices are equally prone to infection, especially if they are jailbroken.
Why would anyone target my phone?
The most obvious answer which comes to mind is financial data. However, there are a host of other reasons for attackers to target your phone:
- Information / Sensitive Data: In most cases, the information targeted is:
  - Personally Identifiable Information (PII): Full Name, SIN/SSN
  - Address book data
  - Location data
  - Cardholder data (CHD)
  - Card Numbers
- To gain access to external services (email, banking, etc.)
- Sniff your connections; steal trade secrets or other sensitive data.
Within no time, all your personal and sensitive information may be sold on the black market and later used for various activities like spamming, phishing, and swiping / stealing cash from your bank or other virtual financial accounts.
- Botnets, Spamming, DDoS: Compared to desktops/laptops, mobile devices offer botnets an advantage for initiating attacks such as mass spam mails, DDoS attacks, etc. As smartphones are rarely powered down, botnets find them a reliable medium to carry out malicious activities.
- Mining Malware: Apps are injected with CPU mining code for mining Bitcoins or other digital currencies. The malware essentially transforms the handheld into a bot that uses a great deal of processor and battery power to mine cryptocurrencies without the owner’s knowledge or consent.
While there are many ways attackers can inject malicious code or break into your phone via apps, as a mobile app developer you should always use APK integrity checks and protect all sensitive information with encryption. Know your data, try to understand the platform you are developing for, and use this knowledge to secure all your apps. In the next post in this series, we will talk about how to develop secure mobile applications.