how to secure your mobile app the easy way

Upload: autosendio

Post on 08-May-2015

Category:

Technology



DESCRIPTION

The last thing on our minds when we are creating a new mobile app is security. But the truth is, attacks on mobile apps are growing by the day. Learn how to make your mobile app secure and avoid a Snapchat hack with tricks, tools, and tips from the pros. The complete guide to keeping your mobile app secure the easy way.

Transcript: There was a 163% increase in mobile malware in 2012. 78% of the top 100 Android and iOS apps have been hacked. Less than 5% of popular apps contain professional-grade protections to defend against hacking attacks.

Cracked mobile apps are at risk of:

• revenue loss (falling currency or dollars)
• unauthorized access to critical data
• intellectual property theft
• fraud
• altered user experience
• brand damage

Riskier apps, the ones that need more security. If you have an app that:

• asks for location
• collects personal information from users (pics, names, address)
• relies on remote servers for storing and manipulating users' data

Apps that don't require as much security:

• alarm clocks
• local notes
• apps that never talk to the web

DO:

• Maintain updated libraries
• Try to use a secure mobile app content management system (CMS) like Joppar Content to send content to users securely
• Use an encrypted web address to pull app content from the mobile app CMS
• Secure the server, data, AND app if you're handling user data

DON'T:

• Treat content passed in as trusted
• Collect or keep data you don't need
• Save user data to NSUserDefaults or SharedPreferences. This saves as plain text!

Just add an SDK into your mobile app. Make sure you trust the source and check the security.

• Forget to include https: 'GET' and 'POST' requests for images, documents, user login credentials, and other commonly transferred data

attacks such as disabled or circumvented security, unlocked or modified features, and free pirated copies.
More tips from the mobile app security pros:

Prateek, Security Researcher for Infosec Institute says… “One thing mobile devs can do now – Make sure important information is not leaked or stored on the device. For e.g., while storing data locally in iOS applications, one should not use NSUserDefaults, Plist files or even Core Data to store important information like access tokens, passwords, etc. A better option would be to store it in the keychain, even though it is also not safe in case of a jailbroken device”

Things to remember about mobile app security:

• The bigger the user base, the greater the need for strong security

There you have it: a quick bit on mobile app security, the easy way. But there is always more to learn about mobile. To learn more about mobile app development go to joppar.com. Also, make sure to check out our mobile app optimization tools Joppar Content (our mobile app content management system) and Joppar Switch (our feature switching tool for mobile apps).
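The advice above to keep access tokens out of NSUserDefaults and in the keychain, shown as an added Swift example that is not part of the original slides: it stores a token as a Keychain generic-password item and moves a value that an older build left in NSUserDefaults. The `TokenStore` type, the service string, the account name and the legacy defaults key are hypothetical names chosen for this example.

```swift
import Foundation
import Security

// Hypothetical names for this example: service, account and the legacy defaults key.
enum TokenStore {
    static let service = "com.example.app.auth"      // assumed identifier
    static let account = "accessToken"
    static let legacyDefaultsKey = "accessToken"     // where an older build kept it in plain text

    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Adds the token, or updates it if an item already exists.
    static func save(_ token: String) -> Bool {
        let data = Data(token.utf8)
        var add = baseQuery
        add[kSecValueData as String] = data
        // Readable only while the device is unlocked; not restored onto a different device.
        add[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        var status = SecItemAdd(add as CFDictionary, nil)
        if status == errSecDuplicateItem {
            status = SecItemUpdate(baseQuery as CFDictionary,
                                   [kSecValueData as String: data] as CFDictionary)
        }
        return status == errSecSuccess
    }

    /// Returns the stored token, or nil if none exists or it cannot be read.
    static func load() -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }

    /// One-time migration of a token an older build left in NSUserDefaults.
    static func migrateFromUserDefaults(_ defaults: UserDefaults = .standard) {
        guard let legacy = defaults.string(forKey: legacyDefaultsKey) else { return }
        // Remove the plain-text copy only after the Keychain write has succeeded.
        if save(legacy) {
            defaults.removeObject(forKey: legacyDefaultsKey)
        }
    }
}
```

Calling `TokenStore.migrateFromUserDefaults()` once at launch, before the first `load()`, keeps existing users signed in while removing the plain-text copy.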

TRANSCRIPT

1. HOW TO SECURE YOUR MOBILE APP THE EASY WAY
2. First, the Facts
3. 163% increase of mobile malware in 2012
4. 78% of the top 100 Android & iOS apps have been hacked
5. 5% of popular apps use tools to defend against hack attacks
6. 40% of popular free iOS apps
7. AND
8. 80% of popular free Android apps
9. were found to be hacked
10. So why should I care
11. Cracked mobile apps risk
12. Revenue Loss, Unauthorized Access, Intellectual Property Theft
13. Fraud, Altered User Experience, Brand Damage
14. Does My App Need to Be Secure? YES, but some apps are at greater risk than others
15. High Risk Apps: Ask Location, Collect user info, Remote servers
16. Low Risk Apps: Alarm Clocks, To Do Lists, Offline Apps
17. If the big guys can't keep their mobile app secure, how can I?
18. DO
19. Use https:// to get content
20. Maintain updated libraries
21. Use a secure mobile app (CMS)
22. Filter inputs at device level
23. Store in a secure location: iOS = Built-in Keychain class; Android = Encrypt data
24. DON'T
25. Treat content passed in as trusted; Save to NSUserDefaults or SharedPreferences; Forget https: GET & POST
26. Connect to an unsecure backend; Use one, static encryption key; Skip code reviews with teams
27. What The Pros Have to Say About This
28. "Make sure to encrypt important files if stored locally. Also, defend against operating system vulnerabilities, e.g. for iOS apps, defend against runtime analysis." - Prateek Gianchandani, Security Researcher
29. "Don't keep info that you aren't willing to spend money and time on to protect. Avoid rolling out your own authentication, unless security is your forte of course." - Frank Rietta, Web Security Developer
30. sounds like a lot of work... anything i can do quickly to secure my app?
31. Secure mobile app optimization tools
32. Two-Factor Authentication
33. Discover Code Flaws
34. Things to remember about mobile app security
35. The bigger the user base, the greater the need for strong security
36. Mobile users lose their devices, get them stolen, and let people borrow them. So protect their data!
37. If the NSA has taught us anything: Nothing is hack proof or 100% secure
38. OF COURSE THERE'S A LOT MORE TO LEARN
39. CHECK OUT THIS ANIMATED SECURITY GUIDE FOR MORE TOOLS, TIPS, & TRICKS
40. Mobile App Optimization Tools: Mobile App CMS, Mobile App Feature Switching. Send content to your app users in :27 seconds. A circuit breaker for your mobile app
41. SOURCES:
    - http://www.mendix.com/think-tank/7-security-compliance-gotchas-in-your-mobile-app-that-you-didnt-think-of-ooops/
    - http://www.business.ftc.gov/documents/bus83-mobile-app-developers-start-security
    - http://www.arxan.com/resources/
    - https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks
    - http://highaltitudehacks.com/2013/12/17/ios-application-security-part-25-secure-coding-practices-for-iosdevelopment