Do you tell strangers your credit card information when you are at a coffee shop? No, I never would… Do you carry around your social security card every time you leave the house? Who am I, a brute? Of course not. Well, this private information is actually stored in the cell phone you carry around everywhere with you. At this point, if you hadn’t been conscious of the importance of mobile app security, hopefully you’re willing to read along now.
As consumers, we generally fail to recognize real threats and data breaches. Luckily, mobile app security is becoming a growing priority because of these increasing threats. We, at Seamgen, understand the importance of mobile app security and are here to provide some helpful base information for both consumers and app developers.
3 Common Hacks to be Aware of Day-to-Day
1. Phishing
Phishing (pronounced like “fishing”) is a term used to describe defrauding activity by cyber criminals posing as a legitimate company. Once these cyber criminals have convinced you of their “false” identity, they capitalize on your false sense of security.
Phishing generally occurs in apps through a question about login credentials. Oftentimes, the hackers appear as the development company behind the mobile application, asking the consumer to confirm their login because of some dire situation. Usually, the request for personal information is backed by threats to block the account or charge the credit card if the consumer does not comply.
Fortunately, there are a couple ways to recognize if you are approached by a phishing scam. The first tell is usually bad grammar or spelling; seriously, these cyber criminals aren’t known for their sentence structure.
The second tell is the threat included. Legitimate companies do not issue ultimatums involving your personal information.
The third tell is the shady links that take you away from the application or your email.
If you are still unsure whether you’re in the middle of a phishing scam, it is best to call the company’s customer service line to make sure you aren’t being taken advantage of.
2. Man in the Middle Attack
The Man in the Middle Attack is becoming a popular method among hackers nowadays. In this strategy, the attacker intercepts the connection between the victim and the internet. Upon interception, the attacker can see and modify any personal information while the victim is online.
The most common way for this attack to happen is through false Wi-Fi hotspots. The attacker will set up a Wi-Fi hotspot through his/her phone or laptop, usually in a public area with a common name. Once the victim connects to this Wi-Fi hotspot, the attacker gains access to everything the victim sees or does.
The best way to prevent this attack from happening is simple. Make sure you are establishing secure connections with trusted Wi-Fi hotspots.
3. Social Engineering
Another common way for cyber criminals to get your information is through social engineering. This method is more personal than the previous two.
Under social engineering, the cyber criminal acts as a con artist. They attempt to get close to you in order to obtain any personal information hinting at potential passwords or usernames for your mobile apps.
The best way to protect yourself against social engineering is simple, as well. Never give your password, or any hints, out to anyone. It is also important to create strong passwords.
2 Ways a Developer’s Carelessness Leads to Hacks
1. Passwords Stored in Plain Text
This is an easy mistake for many first-time app developers who have created an app requiring login credentials. If a developer leaves the passwords in plain text, a hacker needs very little information to breach the security and obtain the password.
A recent example of this developer error involved the popular Starbucks app. Starbucks had left all user passwords in plain text, and in 2014, consumers began to realize this worrisome mobile app security flaw.
Although Starbucks resolved the issue before any customers were hacked, the flaw posed a serious threat to many consumer accounts containing payment information. The PR disaster led millions of scared customers to subsequently delete the app, hurting Starbucks’ business in the short-term.
Developers need to ensure passwords and login credentials are hashed on the server using an iterated cryptographic hash function, rather than stored in a readable form. This method better protects customers’ mobile app security against data breaches.
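The server-side storage described above, as an added example that is not Seamgen's or any named company's code: each password is kept as a salted, iterated PBKDF2-HMAC-SHA256 record instead of plain text. The record format, the function names, the per-user salt and the 600,000-iteration default are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not taken from the article).
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string to store: pbkdf2_<alg>$<iterations>$<salt hex>$<hash hex>."""
    # A fresh random salt per user makes identical passwords produce different records.
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and iteration count."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        algorithm = scheme.partition("_")[2]
        expected = bytes.fromhex(hash_hex)
        candidate = hashlib.pbkdf2_hmac(
            algorithm, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except (ValueError, TypeError, OverflowError):
        return False  # malformed or unsupported record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was created with a lower iteration count than the current one."""
    return int(record.split("$")[1]) < iterations
```

A login handler would call `verify_password` and, on success, store a new `hash_password` result whenever `needs_rehash` is true, so older records are upgraded as the iteration count is raised.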
2. Insecure Data Storage
Another way for an app to have a data breach starts with the storage itself.
The best way to provide secure storage is to make sure someone is assigned to maintain the company server. Another option is to rely on a trusted commercial cloud provider such as Amazon Web Services or Microsoft Azure. These companies provide a service that maintains security while they host your content.
If you’re interested in the benefits of the cloud and its providers, we wrote a recent post on the Advantages and Disadvantages of Cloud Computing.
We also wrote a recent article comparing Slack and Microsoft Teams, where we acknowledge Slack’s struggle with data breaches early last year.
Mobile App Security & the Future
With advancing technological trends and thousands of apps produced each day, the need for mobile app security is growing. Just last year, according to Yahoo News, cybersecurity demand increased 100%.
Although Seamgen specializes in uniquely useful apps for our customers, we also recognize the importance of mobile app security; we encourage everyone to stay up-to-date with current cybersecurity demands.
If you made it to the end of this post, thanks for tuning in! Make sure to check out our other blog posts highlighting tech trends and updates.