
In this article we discuss the security and data privacy of mobile apps. We’ve learned through our App Review initiative that at least 75% of apps show insecure and vulnerable designs or implementations. Derk Tegeler, Security Director at Service2Media, advises our clients on mobile security. Read his short overview of app security and privacy.

Find out why mobile is different from desktop when it comes to security and discover the most important measures you need to take into account.

Mobile vs. Desktop

There are many reasons why security on mobile devices is different from the desktop or the web. Mobile devices are truly mobile. They are used everywhere: in the car, on the train, tram and bus, and very often in public spaces. They can be lost, stolen, resold or thrown away, possibly exposing dangerous data to an unintended audience.

After dissecting all the potential dangers we have seen a structure emerging: storage, communication and the apps themselves.


1. Storage

Data stored on the device should be protected against prying eyes (or apps). This can easily be solved with encryption or by rendering leaked data unusable. Encryption needs to be done carefully and can be a pitfall in itself.

2. Communications

Similar to storage, communicating data through open lines invites its own set of confidentiality problems. Interception, or the ‘man-in-the-middle’ attack, is the number one problem with networks. This can occur due to rogue Wi-Fi hotspots, challenges with the current public key infrastructure and lawful (and less lawful) interception. Mitigation measures exist and should be carefully selected and implemented.

3. Apps

The apps themselves, or the libraries they use, are often poorly written and potentially leak data. Because user experience is paramount on mobile, designing apps requires a different way of thinking, which strengthens the need for good threat modelling and novel mitigation measures.

Although not explicitly required by law, this starts with threat modelling, which is nothing more than a formalised security analysis. This model shows the weak points of a system and enables the design of an exhaustive palette of mitigation measures.

The Law: New European Requirements

Many data protection acts require the app manufacturer to implement ‘appropriate measures’ to protect against loss or leakage of personal data. Upcoming European directives will tighten the requirements with regard to overall responsibility, data location and opt-in. Proposals are under review to levy hefty fines for organisations found to be in breach.

The premise for secure apps is:

Do not trust a mobile device, and if you must, take appropriate measures. We urge you to consider your potential data confidentiality and integrity issues with great care, and rely on experienced mobile players.

More blogs from our Security Director, Derk Tegeler: How to build secure apps – creating a chain of trust (September 2013)

A professional and detailed App Review of a company’s mobile app serves as an industry benchmark for mobile app initiative holders or IT directors. In addition, it is used to optimise the app and prioritise the app’s roadmap. The app review is based on eight parameters: first impression look & feel, navigation, screen real estate, performance, screen orientation, lifecycle completion, security and cross OS comparison.

A wide diversity of companies and app initiative holders have submitted their apps for review. These apps are both B2C and B2E apps and cover different geographies and industries: insurance, entertainment, news, broadcast, IT, travel, retail and finance. This diversity raised questions such as: “Does a user require the same security standards for both a media and a financial app?” and “Does a user want a banking app to look just as ‘slick’ as an A-brand media or news app?”

App Reviews Results

Overview of all App Review results 2013

As a result, it is interesting to see that 60% of the mobile applications have security issues. Also, a lot of apps have suboptimal navigation (80%) or look & feel (75%). Another aspect is that many apps still don’t have a proper implementation of landscape orientation. Apps are often available on iOS and Android only, and frequently the design and navigation of the app are not optimised for the device’s possibilities.

Download an example of an app review performed by our experts for a large company in the financial services industry. It gives an insight on how to benchmark your own app by yourself.

Are you also interested in having your app reviewed? Obtain an app review for free!
