When you’re developing an app that stores personal and financial information, security should be the number one priority. Unfortunately, this isn’t always the case, and data security is often last to the party.
The number of mobile apps that we trust to securely handle our transactions has skyrocketed in recent years, and the proportion of them that have potentially disastrous security vulnerabilities has increased even faster.
Currently, there seems to be no curbing the trust that users are putting in apps that are hot targets for fraudsters — a problem made even worse by the rushed development and testing of these mobile products in order to get them into the hands of an app-hungry public.
According to TechTarget, a study by the Ponemon Institute articulated exactly what security professionals and developers have been thinking for years: companies are not investing enough in the security of their mobile apps, and these vulnerabilities are increasingly being exploited for financial gain.
The study, entitled, “The State of Mobile Application Insecurity,” is based on a survey of 640 individuals involved in the “application development and security process” within their companies. The findings were surprising and even a little alarming for mobile app addicts — especially those who use them for financial transactions.
Of the 640 individuals from 400 different companies, more than half of them devoted absolutely none of their budget to mobile app security, while [tweetable alt=”40% of #developers aren’t even scanning their #apps for #vulnerabilities, says a @PonemonPrivacy #study.” hashtag=””]40% weren’t even scanning their apps for vulnerabilities.[/tweetable]
[tweetable alt=”Of the 60% of #app companies that scan for #vulnerabilities, a third find issues, says @IBM’s #JimSzafranski.” hashtag=””]According to IBM’s VP of mobile management Jim Szafranski, the 60% of companies that were scanning for vulnerabilities were finding issues about a third of the time.[/tweetable] Szafranksi said that to project whether the vulnerabilities were even being fixed or not would be “pure speculation.”
Vulnerabilities in mobile applications stem not so much from malware infections as from poor security practices on the part of developers. An example of this type of lazy app development that makes mobile such a hot target for cybercriminals is the inclusion of SSL encryption libraries that are vulnerable to the Heartbleed exploit — any half-decent developer knows about these risks, unless they’ve been living under a rock for the past year.
Another instance of poor security practices from app developers is the popular app Venmo, which handles both large and small payments between its users.
Venmo’s security loopholes can’t even be called security loopholes — they’re much more like freeways down which attackers interested in taking your money can drive armored vehicles full of your stolen cash. According to Slate, linking apps like these to your bank account can be disastrous.
How Do You Secure Your Device?
Infinite Monkeys is the first mobile app provider to allow the integration of security features with anything you create — MetaCert’s Security API service can be embedded into any app made with Infinite Monkeys. The service checks external URLs for safety and warns you if they’re suspected of leading to a phishing site.
App publishers can choose what types of harmful links their app will alert users to, and those alerts can also be extended to warn about malware, gambling, and pornography sites.
CEO of MetaCert Paul Walsh stated that it was his company’s mission to “make it easy for app publishers to keep consumers and businesses safe while using their apps.”
Infinite Monkeys provides publishers with two options — which can be used simultaneously — to improve their apps’ security for their users. These include the monitoring and hardening of an app against phishing or malware attacks through third party links, as well as a link-blocking option specifically for pornography sites, which are home to many forms of online compromise.
The number of app users concerned with the safety and security of their mobile devices are growing, and so must developers’ concern for the security of their apps. Security shouldn’t come as the final step in the mobile app making process — it should be integrated into the structure of the app from the very beginning.