Many iOS Applications Are Failing To Secure Our Information

Mar 7, 2017 8:55:38 AM / by Sung Cho

Mobile technology is fast becoming the predominant way in which consumers engage with the internet. One would think that mobile apps are routinely outfitted with security measures effective enough to keep malicious users away from the endless sensitive user data that is transmitted across apps on an ongoing basis. Unfortunately, this is simply not the case, at least not always.

Rather, application security is faltering at an alarming rate, part of an ongoing trend that may very well leave your app -- and your users -- at incredible risk. Here’s a bit more detail on one such problem that underscores the care developers must take in their app’s coding and what you can do to prevent it from affecting your app.

Caught Off Guard

Recent reports have claimed that dozens of mobile apps in the iOS store have fallen prey to attacks that have intercepted user data assumed to be protected by the presence of sophisticated encryption. Will Strafach of Sudo Security Group made the discovery, declaring that 76 apps -- totaling 18 million downloads -- were affected by what was ultimately revealed as a programming error.

Reportedly, the developers of the apps in question misconfigured their networking code so that the apps accepted an invalid Transport Layer Security (TLS) certificate, bypassing the certificate check that would otherwise have secured the app’s online communication. As a result, all the apps were vulnerable to any hacker within range of the Wi-Fi signal of a device using the app.

Thanks to Sudo’s proprietary security service, Strafach was able to scan the affected apps and identify the weakness by using a proxy to insert an invalid TLS certificate into the connection. In addition to the ones that were victims of an attack, hundreds of other apps were earmarked for a “high likelihood of data interception.” More than half of the 76 apps even pertained to organizations such as banks and medical providers, meaning that the data at risk was more sensitive than had initially been expected. The remaining ones only disclosed lesser forms of data, such as email addresses.

As for the solution, that falls to the developers themselves. In most cases, this involves a simple adjustment of the code itself. Strafach also warned that developers need to be more careful when inserting networking code into their app, as it may cause a chain reaction that changes the way the app behaves on a grander scale. Mindfulness is always encouraged when changing code, since the slightest alteration might have far-reaching repercussions that can unwittingly put your app’s coding and its users at great risk.

Protect What’s Yours

While the fact that application security has been compromised is unfortunate, it simply highlights the utmost importance of remaining vigilant with regard to your app and its coding. Hackers are getting more and more creative with how they invade your programming, and you can never do too much to keep the threat of attack at bay. Increasingly, the responsibility to keep your app safe from those who wish to exploit it falls to you, the developer, rather than to processes you can install mindlessly without a second thought.

Thankfully, there are countless measures you can put in place to guard against hackers. Securing your app should always be a top priority, and by taking a few simple actions to restrict access and reinforce the safety of your programming, you could be protecting your app from total destruction at the hands of the malicious users looking to exploit your effort and success in the mobile landscape. Don’t leave your app vulnerable, or yours might be the next story regarding the frailty of the existing security setup.

Topics: Mobile App Security

Written by Sung Cho

VP, Growth & Strategy