Anyone who owns a smartphone, be it a sleek Apple iPhone or a fully customizable Android device, knows that mobile applications are what brings the “cool” factor to these devices. From small applications that tell the weather or current stock prices, to highly addictive gaming experiences which can suck up hours of your social life, apps are all the rage with smartphone users. This app experience is not just a passing fad, but has become a powerful revenue generating machine for Apple and Google with app downloads crossing the 25 billion and 10 billion mark for these companies, respectively. The application development model is also very conducive for aspiring developers; we hear success stories of startups making it big with breakthrough mobile apps almost every other day. With mobile apps being developed and downloaded at such a fast rate, cyber criminals also unfortunately started taking an interest in apps and the security weaknesses often found within them.
Be it Apple’s App store or Android Market (Google Play), free mobile apps can be found for virtually any kind of activity and downloaded/installed onto a user’s smartphone within a matter a minutes. Of course, it is this very ease that makes apps so tempting a target for malicious attackers who want to use them as backdoor for getting into a person’s smartphone and accessing their sensitive information. A person trusting an app may give it permission to access his/her contact details, calendars and even his physical location – all of which would be a virtual goldmine for an attacker wanting to carry out identity theft. Of course it is not just cyber criminals who are after this data, but also legitimate companies who wish to gather as much data about their customers as possible, which often leads to the breach of a user’s privacy.
Safety tips for app users and developers
The solution for this type of problem has to come at multiple levels. Mobile app users need to be vigilant when downloading and installing free apps and giving them permissions specifically with regards to accessing their address book, calendar, geographic information, sending messages and other sensitive activities. Users should also avoid jailbreaking their devices and side-loading applications, as these activities may end up infecting their devices with malware. Another good practice is to have effective antivirus software loaded onto your smartphone at all times.
Mobile app developers should educate themselves about good security practices when it comes to developing these applications. These include the effective use of Android permission model which gives apps the rights to carry out tasks on the smartphone. Any area of the app which the attacker can exploit to his advantage should be minimized to the best extent possible. The sooner users and developers educate themselves on the risks, the sooner they will be able to avoid finding themselves on the receiving end of a data breach.