Let's compare hackers with pirates: everyone is at risk and nobody seems to be spared in the waters where they sail. However, it is possible to enjoy some safety if you arm yourself to the teeth against hacker attacks. We share our knowledge about the security of apps with you.
The following information will be useful for (future) app owners and users. It will allow you to keep privacy-sensitive data in calmer waters.
Common weaknesses in apps
In app development, one shuld always take into account the common security risks. We list a few weaknesses in apps for you, so you can overcome the shock after reading the previous paragraph. Here we go:
- Weak protection of the binary code.
- The data transfer between app and server is insufficiently secure.
- Read more about eight other common weaknesses in apps. Don't worry, if you click on the link, you will not get a virus.
So what is the problem now and what is the solution? For example mobile malware uses vulnerabilities or bugs in the code of apps. Also an app can be attacked or sensitive user data can be stolen via telephone chip or a so-called rogue application.
To reduce the chance of hackers using weaknesses or bugs in an app, an app developer keeps the code 'hidden' by encryption. Thus the code is almost illegible, making hackers apply a lot of efforts to interpret it, crack and abuse.
Measures for consumers and businesses
Employees and consumers can take the following precautions:
1. Is an antivirus app recommended?
Ah, control is the mother of security. A regular iPhone or iPad can not download apps from unknown sources. Therefore, these mobile devices are relatively safe. By default, Android phones have Google's anti-virus service: Varify Apps. Please note, the service only tracks app based malware, no web based malware (for example, by browser).
2. The problem with old phones
Personal data is now protected with encryption, at least on many smartphones and tablets. On the iPhone this is done by default from iOS 8.0. On Android phones, data is automatically encrypted starting from Android 6.0 Marshmallow. Also check if your phone is up to date. We strongly recommend to update your phone with the latest OS version and your apps with the latest version. However, this is not always possible on an obsolete device, as they don't support latest updates. Check out the latest OS versions of iOS and Android.
3. ‘Unknown sources’-setting (only Android)
It is not wise to activate the security setting 'Unknown sources' on an Android phone. If this setting is enabled, you can download apps from outside the app store. The app store contains almost no malware. Beyond that, it does exist. Therefore, rather don't turn the "Unknown sources" setting on.
4. Beware of apps that contain malware
Of course, not all apps contain malware. Despite that, apps can still snuggle into your data. IPhone apps and Android 6.0 (and later) apps require permission first before they can access certain data and features. When a decibel meter app asks for access to your contacts, camera, GPS and Facebook account, that should be a canary in the coal mine for you.
5. The superuser setting
Through the root, you can access the entire operating system. It is convenient to adjust everything to your taste. Essentially 'rooting' is safe if you know what you're doing. The security risk lies in malware that needs access to the root in order to function. If the user does not have access to the root, then the malware either can't access it.
6. Make your smartphone and tablet as safe as possible
You know the drill: update apps and make sure the following features are not constantly turned on: automatically connect to WiFi hotspots, GPS, Bluetooth, and NFC.
7. Update your phone or mobile device to the latest OS version.
When it comes to data protection, smartphones and tablets are less dangerous than the desktop, however, the security of apps should not be ignored.
Security is a customized thing. Not every (app) solution requires the same type of security. We give a simple but clear example: take a container with garbage, in most cases there is no lock. But when you should put one? For example, when it comes to a container with shredded paper of important business documents. So, is it a point worth consideration? We would like to talk to you and advise you on security risks.
DTT is happy to help you with safe app solutions. If you are interested then don't hesitate to contact us! During a cup of coffee we can discuss the possibilities and answer your questions. Obviously free of charge.