Over 80 percent of successful attacks target the application layer (Gartner). In fact, Gartner also reported that security flaws in application software cause 75 percent of all brea....
These numbers are staggering, especially when you take into account that mobile apps have been experiencing 3-digit growth year over year since 2012.
So before you jump on the mobile app bandwagon, consider the following 7 things to make sure your mobile app won't be an easy target for hackers.
1. Secure Software Development
Start by developing software from a security requirements perspective with a secure software development process to make sure the software is not vulnerable to common threats. Make sure the software is auditable.
2. Jailbreak / root detection
Detect so-called rooted or jailbroken devices. Such a device is no longer under the control of the OS security sandbox, which gives hackers more opportunities to hack the app.
3. Payload encryption
Mobile devices send data through the air (Wi-Fi, cellular), where it can easily be sniffed by hackers. To prevent essential data from being read, the data needs to be sent back and forth in an encrypted way using a secure connection. But to make it even more secure, the data itself needs to be encrypted as well, so you encrypt the data before it goes over the already encrypted connection. That is payload encryption.
4. Debug Detection
Debug detection makes it much more difficult to analyze an app. It disables the option of connecting a mobile phone to a laptop to start debugging the app, preventing the hacker from learning more about the setup of the app.
5. Code obfuscation
When the app is lifted from a device and decompiled, code obfuscation makes it very hard for the hacker to actually read the code.
6. Tampering detection
Tampering detection ensures that only the real app binary works. A hacker would like to interfere by introducing changes to an app binary in order to get control over the app.
7. Forced upgrade
One of the main challenges of securing enterprise mobile apps is that you have to support and control so many operating systems (iOS, Android, Windows Phone), devices, and versions of your app. Even though these versions might be considered secure today, new developments can make them insecure tomorrow. A forced upgrade mechanism therefore allows enterprises to ensure their users are using safe versions.
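A server-side version gate for the forced upgrade mechanism in item 7, as an added example that is not part of the original article. The per-platform minimum versions, the function names and the use of HTTP 426 to signal "client too old" are assumptions made for illustration.

```python
import re

# Constructed policy: lowest app version still considered safe, per platform.
MIN_SAFE_VERSION = {
    "ios": (3, 2, 0),
    "android": (3, 1, 4),
    "windowsphone": (2, 9, 0),
}
# Plain dotted versions only: "3.2" or "3.2.1". Anything else is rejected.
_VERSION_RE = re.compile(r"([0-9]{1,4})\.([0-9]{1,4})(?:\.([0-9]{1,4}))?")


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a plain dotted version."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    return tuple(int(p) if p is not None else 0 for p in m.groups())


def check_client(platform, app_version):
    """Decide on the server whether a request from this app build may proceed.

    Returns (http_status, body). Unknown platforms and unparsable versions are
    refused (fail closed), because the server cannot tell whether they are safe.
    """
    minimum = MIN_SAFE_VERSION.get(platform.strip().lower())
    version = parse_version(app_version)
    if minimum is None or version is None:
        return 400, {"error": "unrecognized_client"}
    if version < minimum:  # tuple comparison is numeric, so 3.10 > 3.9
        # 426 is used here as a convention for "app too old" (assumption).
        return 426, {"error": "upgrade_required",
                     "minimum_version": ".".join(map(str, minimum))}
    return 200, {"status": "ok"}


if __name__ == "__main__":
    # Constructed sample requests: (platform, version reported by the app).
    samples = [("iOS", "3.2.0"), ("android", "3.1.3"),
               ("android", "3.10"), ("ios", "3.2.0-beta")]
    for platform, reported in samples:
        print(platform, reported, check_client(platform, reported))
```

The version is reported by the app itself, so this gate moves honest users off unsafe builds; it does not stop a modified client from claiming a newer version, which is what tampering detection in item 6 addresses.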
So here you go: 7 things you need to know before creating mobile apps. Keep in mind that the combination of these 7 things won't make your app as secure as Fort Knox, but it will make it really hard to hack. Most hackers will probably move on to other, less secure apps instead.
If you have any thoughts on this you can comment below or reach out to me on Twitter.