How to deal with mobile security issues

Sandra Parker
5 min readDec 5, 2018

By 2020, the revenue of the mobile application market will reach 188.9 billion dollars, according to Statista. We hardly surprised anyone with this data — you don’t need numbers and stats to see that applications rule the digital world. They are everywhere. I bet you use dozens of apps every day, without even noticing.

Looking at these huge numbers, business owners can’t resist the temptation of investing into mobile application development. It’s a good call — apps are loved by users, they are a great way to connect with a target audience and become a big part of people’s daily routine. However, there are security issues, and oh, are they huge!

Security testing matters

You remember Uber breach? In November 2017, hackers stole 57 million client and driver accounts from company’s app. Not good for the public image, for users, for revenue.

And while media discusses the reasons why it all happened, businessmen look at their projects and wonder: how to make sure a breach doesn’t happen to them? For a company as popular as Uber it’s a big wound but not a fatal one. For a young startup, it might as well be the end.

The thing is, mobile applications got popular not so long time ago. That’s why business owners still overlook the importance of security testing on mobile applications.

Challenges and solutions

Let us say one very important thing. By building an unreliable application, you risk leaking all personal information of your user. Compromising mobile data security is a one-stop-shop for hackers to get all kinds of sensitive information (messages, voicemails, private contacts, photos).

It’s an open access to the constant tracking of physical location via GPS and even eavesdropping on a non-mobile conversation via phone microphone and camera. You got an access to a phone — you got everything.

Challenge 1: Unreliable Malware Detection

Raise your hand who has an antivirus installed on their laptop. Now, on a phone? As you can guess, users don’t really bother with installing protective software on their phones. Even though companies have already understood the importance of improving the mobile app and web security testing, it’s still unpopular among regular customers.

So, when a user downloads an infected file to his computer, the detector will most likely spot the threat and notify the user or even prevent him from interacting with malware. However, when the same thing happens on a phone, a person is unprotected and often even unaware of the threat.

Case in point: Wired made their own research of Android antivirus reliability, evaluated 58 mainstream programs… only to find out that it has a long way to go.

Solution: Develop a malware-detection algorithm in your app. The responsibility of recognizing and eliminating threats now falls on your shoulders since most users don’t have reliable anti-viruses on their devices.

Challenge 2: Not enough security solutions

Again, because the trend on mobile apps is relatively new, the security algorithms are still far from perfect. Most existing tools are adapted from desktop versions, therefore, they don’t take into account the peculiarities of devices. Such software requires a lot of memory to process the threat and even more to eliminate it.

Case in point: The team of researchers in the University of Birmingham found out that the banking apps including Nat-West, HSBC, the Bank of America Health and Co-op, are infected with a serious security flaw. Developers haven’t implemented reliable tools for mobile security, and these apps put 10 million users at risk.

Solution: Build-in own security algorithm into your application at the earliest stage of development.

Challenge 3: Different OSs

Even though mobile operating systems have a lot in common, they are yet drastically different from the security perspective. It’s an important thing to take into consideration while building a cross-platform application.

Case in point: Avast just found new threats for mobile users of Android and iOS. If you plan to develop a cross-OS app or already have one, it’s just about time to think about security protections for both operating systems.

Solution: Get a testing team to review security methods for each platform and develop separate algorithms for each OS.

Challenge 4: mobile security for an enterprise

Mobile market changes all the time — it’s tough to keep up. Companies and IT department regularly face adaptation challenges due to:

  • the constant introduction of new devices — smartphones, tablets, hybrid laptops;
  • rapid upgrades of mobile OS;
  • new digital trends and growing user demands.

Digitizing enterprises in such conditions is difficult. There are many types of devices and OSs, and each one should be protected.

Case in point: A few years ago, Inc. talked about the threat of SMS-hacking and its effect on businesses. The danger is still real. Hackers have already broken into big telephone companies, damaging SS7 protocols through nothing more than a mobile phone. If the government and big corporations suffer so much, imagine what could be the effects for smaller companies?

Solution: We create mobile platforms all the time, and we understood one very important rule. For digitizing the enterprise, the first aspect that needs to be developed is a mobile device management strategy. This way you can:

  • Assure fast device application and deployment;
  • Protect corporate information from leaking;
  • Increase worker efficiency and productivity.

Eliminate security threats along with other types of mobile testing. Engage your developers and testers in strategy building process. The earlier, the better.

Challenge 5: Users’ irresponsible behavior

People don’t care about their phone security much. Not until a data breach happens. Despite the fact that mobile devices store such important information, many users still don’t have passwords on their phones, completely ignoring all ways of protection. Also, let’s not forget that gadgets can get lost or stolen. This poses a big threat to security: a person who obtained a device, has also acquired all personal information.

Case in point: According to the Consumer Reports study, over 30% of users did not take any mobile security measures, with 36% using a 4-digit PIN and only 11% using more complex passwords.

Solution: implementing security at data level. Give users a possibility to control their data via different communication channels and platforms (like a web-profile, email or Skype). If a device is lost or stolen, all the communication stored on a mobile phone can be deleted and deactivated via online services or personal accounts.

Let’s wrap it up

Don’t ignore security issues. Remember, those who fail to plan, plan to fail. Hence, predict threats and eliminate them before something bad actually happens. Cooperate with security testers at the earliest stage of development and engage them in a strategy building process. The mobile application is (or will be) a crucial part of your business so develop it in accordance with marketing objectives.

The only way to implement all the plans is to find a professional testing team. You can dream of everything but QA engineers are the ones to make it real and right.

--

--

Sandra Parker

Head Of Business Development at QArea. I’m passionate about new technologies and how digital changes the way we do business.