Mobile app security: five ways to boost your app’s security
01 June 2017
While business owners across the Windows world weep over the recent crippling WannaCry ransomware attacks, mobile apps remain relatively untouched - for now. But it’s only a matter of time before hackers set their sights on infiltrating the 150+ billion apps sitting on smartphones across the globe. However, with a little planning and forethought, there are several steps you can take to ensure your apps and the infrastructure supporting them aren’t brought down quite so easily by malicious code.
“There’s no such thing as an unhackable piece of software but what you can do is build apps that are as difficult to penetrate as possible,” says Guy Cooper, Managing Director of Melbourne-based mobile app developer Wave Digital. “The first and most simple solution to boosting your app security, of course, is to hire a reputable mobile app developer who understands - and has experience in - mobile security. You see, apps are no longer standalone pieces of software,’’ adds Guy. “They are supported by a range of other technologies and that is where more of the security concerns around app vulnerabilities are. Your app developer must understand this - and have experience in securing mobile software.” These developers will build apps that comply with the latest best practice mobile app security guidelines as published by the Open Web Application Security Project (OWASP). However, even if you’ve had your app built by someone who, perhaps, doesn’t have experience in the field of mobile security, there are other steps you can take to shore up your app’s security.
Perform an app security audit
If you’re not sure about how safe and secure your mobile app is, perform a security audit before it’s too late. Your app developer should be able to do this for you, but if not, there are several third-party services that can perform an app security audit of your Android, Windows or iOs apps, as well as any web-based software. Security audits will assess how vulnerable your app and importantly the back-end infrastructure and databases that support your app are to an attack, as well as the testing of your app’s data transmission, storage and authentication procedures.
Stay up to date
Those most affected by the recent WannaCry hacks hadn’t updated their Windows operating systems with the various security patches and updates the developer, Microsoft, regularly offers. “This same principle applies to all software, including apps,’’ adds Guy Cooper who says that 99 per cent of his clientele now take up the option of ongoing app maintenance including security. By ensuring all the code running your app’s infrastructure is always up to date, your software won’t be as susceptible to many known vulnerabilities, which is exactly what hackers target. “You need to have a maintenance agreement in place with your app developer,’’ adds Guy Cooper. “That way, they’ll continually monitor the information on the software being used for updates and they’ll pro-actively update the various technologies used in your software as new vulnerabilities surface and new patches are released.”
Secure the data
Mobile app security extends to any data connected with it. “Check that all data is being transmitted via SSL, just as a secure website or ecommerce site would do,” says Cooper, “and ensure that all sensitive data stored, be it on the cloud or on your own servers, is encrypted.” Similarly, just as you would regularly change the password on your email, ensure that your business has procedures in place for changing passwords and access to the backend servers that store your app’s data and implementing two-factor authentication where appropriate. If you’ve got an app which stores data on a user’s phone, it is useful to consider how often they are forced to change their password and how often the app forces the user to login again.
Backup the data
WannaCry works by locking users out of their own systems and the only way to regain access is to pay hackers $300 USD (hence the term ransomware). Check that your app developer has put in place appropriate data recovery and backup procedures - and, most importantly, that they’re regularly tested. That way, if anything disastrous happens, like being hit by ransomware, you need only restore your last backup, which will always be a better option than losing everything. Just be sure that these backups are made regularly to minimise any data loss.
Interested in building a secure app? Come and talk to us.