Feature: Sound coding practices needed for secure mobile apps


It is no secret that mobile phones are now a big part of our lives, having gone from being communication tools to tools for gaming, e-commerce, banking, access to soft loans and mobile money, and some of us carry our whole office in these devices as well.

Without mobile apps, mobile phones would not be able to do any of the above, and while we are celebrating the churning out of mobile apps every other day, it has emerged that developers are neglecting the important matter of security when coding the apps.

In an interview with TechMoran, Caleb Barlow, IBM Vice President, Mobile Management and Security, challenged developers to engage in sound coding practices that will make mobile apps less vulnerable to attackers.

“We recently carried out a study on mobile dating apps and 41 out of 63 apps were found with vulnerabilities, leaving windows and doors open for attackers to hit,” said Barlow.

According to the study, users let their guard down when they anticipate receiving interest from a potential date. Some of the vulnerable apps could be reprogrammed by hackers to send an alert that asks users to click for an update or to retrieve a message that, in reality, is just a ploy to download malware onto their device.

Additionally, IBM found that 73% of the 41 popular dating apps analyzed have access to current and past GPS location information, and hackers can capture a user’s current and past GPS location information to find out where a user lives, works, or spends most of their time. Credit cards were not spared either: the study found that 48% of the 41 popular dating apps analyzed have access to a user’s billing information saved on their device. Through poor coding, an attacker could gain access to billing information saved on the device’s mobile wallet through a vulnerability in the dating app and steal the information to make unauthorized purchases.

Reverse engineering, which is a blessing to quite a number of industries, can be a way through which attackers get to apps if they have any vulnerabilities, hence the greater need to keep them secure.

Barlow also revealed that the security of mobile apps is often threatened by third-party app stores as well: although they sell apps for half the price at which the official app stores sell them, or cheaper, they do so with malware, which can be quite disastrous for the mobile phone owner.

Recently, IBM and the Ponemon Institute conducted a study on mobile apps that revealed lax security practices amongst enterprises as well.

The study findings showed that nearly 40 percent of large companies, including many in the Fortune 500, are not taking proper precautions to secure the mobile apps they build for customers.

Additionally, organizations are poorly protecting their corporate and BYOD mobile devices against cyber-attacks—opening the door for hackers to easily access user, corporate and customer data.

“Building security into mobile apps is not top-of-mind for companies, giving hackers the opportunity to easily reverse-engineer apps, jailbreak mobile devices and tap into confidential data,” Caleb Barlow said. “Industries need to think about security at the same level on which highly efficient, collaborative cyber-criminals are planning attacks. To help companies adopt smart mobile strategies, we’ve tapped the deep security expertise of IBM Security Trusteer, bringing what we’ve learned from protecting the most sensitive data of complex organizations—such as top global banks—and applying it to mobile.”

In his challenge to developers to come up with sound coding practices, Barlow also advised them to constantly use tools to scan app code for vulnerabilities to see if there are any coding mistakes in the app.

When releasing an app for use, it is also advisable for developers to release it on multiple platforms, ascertain the security of the platform first, and build and grow users.

“Every publisher is equal, users can interact with it, think about it and rate it,” said Barlow.

End users can protect themselves as well. One way is by avoiding third-party stores when buying apps, and conducting permission fitness and Ovacation, which will make it difficult for an attacker to strike.