TrainACE - IT and Cybersecurity Training Blog

The Importance of Secure Mobile Application Coding in Today's Fast-Paced and High-Volume App Environment

Oct 9, 2013 4:41:16 PM / by The TrainACE Team

Mobile applications have become an increasingly popular way to reach customers in today’s digitally-driven society. With over 50 million applications in the market today, the industry continues to grow at a rapid pace. By 2015, experts expect the development of mobile applications to outnumber PC projects at a ratio of four to one. But while millions of consumers enjoy the abundance of beneficial and useful apps, many of them are unaware of the security threats several of these apps can pose, because thousands of these app developers are abandoning secure coding methods in hopes of putting out their products as quickly as possible.

Why Is Secure Coding So Important?
Secure mobile application coding is vital because it protects users from downloading malicious code that can not only cause a phone to behave differently but also compromise sensitive data stored on the device. If a customer downloads an app that was designed without secure coding methods, their phone can be exposed to threats and vulnerabilities. Companies that market apps without following proper secure coding methods may find that millions of customers’ data has been compromised, resulting in lost revenue, lost consumers, and a damaged reputation. Therefore, it is important that all companies value security over speed and make it a priority to properly test the security of an application before pushing for an early release.

Risks Associated with Unsecured Mobile Apps
It is important to note that testing methods differ across the board, which makes proper testing a challenge, experts say. The lack of solid standards across the industry only compounds the challenge. Apple estimated that about 80 percent of mobile apps on the market are not secure. These apps store data on phones in non-encrypted format, which leaves sensitive information vulnerable to hackers. The issues people face with these apps fall into two distinct categories: malicious functionality and vulnerabilities.

Malicious Functionality
Malicious functionality refers to a hacker’s ability to monitor the activity of device users and retrieve their data. Examples include a hacker changing email settings so that messages are redirected to a secret third party, accessing a contact list, or remotely accessing a person's microphone. Furthermore, hackers steal money by signing up the user's phone for premium SMS messaging or calls, so the mobile carrier will route the money back to the attacker when recipients respond. Some hackers also use UI authentication, in which they trick victims into sending their personal data through an impostor app. In many instances, malicious applications also modify system configurations.

Vulnerabilities
Unsecured mobile apps are exposed to several different vulnerabilities. Typically, mobile apps store information such as PIN numbers and login credentials. In unsecured mobile apps, which do not include encryption, this data is much easier to access. These same unsecured apps also use unsafe transmission methods, which leave data vulnerable while it is being sent to other locations.

Solutions to Security Issues
Companies such as Veracode and Marble Security, along with many others, are working diligently to help developers improve secure mobile application coding. With the launch of their projects, they aim to provide tools and resources for security teams to make stronger apps. It is important to find projects that offer platform-specific training, threat models, and guidelines. Experts say that developers and businesses planning to release their own apps should never compromise security just to release an app as quickly as possible. They recommend that people who release these apps test both the service and client portions of the apps with static and dynamic test options, using both external and internal testing teams.
