Platform Identity Management Nederland (PIMN)

PIMN voor beter identity management

7 Things You Need To Know Before Creating Mobile Apps

7-things-you-need-to-know-before-creating-mobile-apps-onegini

Over 80 percent of successful attacks target the application layer (Gartner). In fact, Gartner also reported that security flaws in application software cause 75 percent of all brea....

These numbers are staggering especially when you take into account that mobile apps are experiencing 3 digit growth numbers year over year since 2012.  

So before you jump on the mobile app bandwagon consider the following 7 things to make sure your mobile app won't be an easy target for hackers.  

 

1. Secure Software Development

Start by developing software from a security requirements perspective with a secure software development process to make sure the software is not vulnerable to common threats. Make sure the software is auditable.

 

2. Jailbreak / root detection

Detecting a so called rooted or jail broken device. Such a device is no longer under control of the security sandbox from the OS. Allowing hackers more opportunities to hack the app.

 

3. Payload encryption

Mobile devices send data through the air (WiFi, Cellular) which can easily be sniffed by hackers. To prevent essential data from being read the data needs to be send back and forth in an encrypted way using a secure connection. But to make it even more secure the data itself needs to be encrypted as well, so you'll need to encrypt the encrypted data and that is payload encryption. 

 

4. Debug Detection 

Makes it much more difficult to analyze an app. It disables the option of connecting your mobile phone to your laptop to start debugging the app, preventing the hacker to learn more about the setup of the app.

 

5. Code obfuscation

When the app is lifted from a device and decompiled the code obfuscation makes it is very hard for the hacker to actually read the code.

 

6. Tampering detection

Ensures that only the real app binary works. A hacker would like to interface by introducing changes to an app binary in order to get control over the app. 

 

7. Forced upgrade

One of the main challenges of securing enterprise mobile apps is that you have to support and control so many: operating systems (iOS, Android, Windows Phone), devices, and versions of your app. Even though these versions might be considered secure today, due to new developments these can become unsecured tomorrow. Therefore forced upgrade mechanism allows enterprises to ensure their users are using safe versions.

 

So here you go, 7 things you need to know before creating mobile apps. Keep in mind; the combination of these 7 things won't make your app as secure as fort Knox but it will make it really hard to hack. Most hackers will probably move onto other less secure apps instead. 

 

If you have any thoughts on this you can comment below or reach out to me on Twitter.
Cheers!
Nevlynn

Weergaven: 15

Opmerking

Je moet lid zijn van Platform Identity Management Nederland (PIMN) om reacties te kunnen toevoegen!

Wordt lid van Platform Identity Management Nederland (PIMN)

Doe mee op LinkedIn

Vaker een update en goede mogelijkheid om zichtbaar te zijn.

© 2018   Gemaakt door Jaap Kuipers.   Verzorgd door

Banners  |  Een probleem rapporteren?  |  Algemene voorwaarden