With increasing numbers of employees embracing the convenience and ease of use offered by their company’s mobile applications, the issue of mobile app security has become more important than ever before.
Despite an evolving threat landscape in the face of rapid growth in the number of available apps, app developers have conventionally focused on functionality rather than security, which can leave sensitive data in danger. Hackers can make their mark here by installing malware on adjacent devices, or repackaging apps and reloading them to app stores with malicious code added. This tactic has been used extensively with banking and mobile payment apps.
So how can organisations take steps to protect themselves from cyber-attacks targeting apps? Below are five methods that can go some way towards tackling the mobile app security problem:
1. Lock down app permissions – restrict the app’s access to device firmware and hardware features that its primary tasks do not need, for example by denying access to a smartphone’s camera or microphone if the app does not use them.
2. Avoid relying solely on server-side checks – server-side controls should be enhanced with app authentication and app integrity controls, as malware-infected apps can easily bypass validation checks if they are performed solely by the server. If data is highly sensitive, businesses should add behavioural and context checks, such as geographical location of login attempts, for added security.
3. Look for third-party expertise and always conduct tests – while internal coding security controls often prove difficult to maintain, external support, such as a consultancy, may help solve the problem. The use of a third-party tool for app security testing is also essential before deployment of the app, and regular security tests should be an absolute priority.
4. Perform regular health checks – performing regular health checks is essential in order to consistently identify any weak points in an app. This could include finding out whether a device has been jailbroken or rooted, if screen readers are in use or if an untrusted keyboard is installed.
5. Harden applications – to prevent apps being repackaged with malicious code, implement third-party tools that can make your apps self-defending. Software such as Promon SHIELD™ can provide this protection, by adding easy-to-implement protective code which wards off any attempts by hackers to compromise the app.
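
The permission lockdown in point 1 can be enforced as a pre-release check. The script below is an added example, not part of the original article: it compares the permissions requested in a decoded Android manifest against an allowlist of what each feature needs. The `FEATURE_PERMISSIONS` mapping, the `SENSITIVE` set and the sample manifest for `com.example.payments` are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Hypothetical allowlist kept by the app team: feature -> permissions it needs.
FEATURE_PERMISSIONS = {
    "api_sync": {"android.permission.INTERNET"},
    "branch_locator": {"android.permission.ACCESS_COARSE_LOCATION"},
}
# Permissions guarding hardware or personal data; unjustified ones rate "high".
SENSITIVE = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_CONTACTS",
}
# Constructed sample: a decoded (text) AndroidManifest.xml for a made-up app.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.payments">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {e.get(NAME_ATTR) for t in tags for e in root.iter(t) if e.get(NAME_ATTR)}


def audit(manifest_xml, feature_permissions):
    """Return (findings, unused): unjustified requests and stale allowlist entries."""
    allowed = set().union(*feature_permissions.values())
    requested = requested_permissions(manifest_xml)
    findings = [("high" if p in SENSITIVE else "review", p)
                for p in sorted(requested - allowed)]
    return findings, sorted(allowed - requested)


if __name__ == "__main__":
    findings, unused = audit(SAMPLE_MANIFEST, FEATURE_PERMISSIONS)
    for severity, perm in findings:
        print(f"[{severity}] no feature justifies {perm}")
    for perm in unused:
        print(f"[info] allowlisted but not requested: {perm}")
    raise SystemExit(1 if findings else 0)  # non-zero exit fails a CI step
```

Run against the real manifest in a build pipeline, a non-zero exit blocks a release that requests camera, microphone or similar access no feature accounts for.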