The Threat in Your Pocket: Mobile App Insecurity

In this day and age, there's no shortage of cybersecurity drama. From the hack of the US Office of Personnel Management (OPM) to the disasters at Sony and Target, system security breaches have practically become commonplace.

Recent incidents have also revealed vulnerabilities in commonly used mobile apps, such as when 40 apps were found to be malware-infected in Apple's Chinese app store, affecting millions.

I recently attended a talk presented by MobileIron, which discussed some of the 'mobile' security threats that manifest themselves through our smartphones, including:

  • The ability for apps to run malicious code to take control of device resources like microphones to record conversations and upload them to a server--without the user ever knowing!
  • The ability for hackers to intercept data during transmission between a mobile app and backend servers.
  • The vulnerability of public Wi-Fi networks that most of us end up using at some point--Starbucks, airport, etc.

(Is it just me, or is this post starting to sound a lot like a James Bond movie?)

So what does the average B2E or B2B mobile app user or provider do about all this other than throw up their hands in despair?

A whole host of companies are tackling these challenges in some very interesting ways. For starters, avoiding things like jailbreaking the OS on your device is a simple user-side fix, and as Gartner mentions, most mobile security breaches are a result of misconfiguring apps.

Mobile Application Management companies like Apperian provide a great software platform that can be used to test/inspect apps and manage all types of policies for those apps in both BYOD and corporate device environments.

This blog post by Apperian nicely summarizes the three categories in which to think about mobile app security.

  • Data at rest (DAR)
  • Data in use (DIU)
  • Data in motion (DIM)

Here's what we're doing at Mi-Corporation to ensure the security of our customers' data as we power their mission-critical workflows:

1. We take great care to ensure data encryption in all our software platforms, at rest within our app containers, and in transmission.

2. All communication between components occurs via HTTPS and can use SSL certificates.

3. We maintain a detailed set of audit trails that can track every ink stroke, value and more on specific devices, locations, and with date/time stamps.

Having passed audits by several large organizations and third-party cybersecurity firms, we are comfortable and confident in the ability of our systems to deliver peace of mind to our customers.

More information is available in our Mi-Forms Security Overview if you're looking for a fun bedtime read.

Happy securing!