AppBoard Tuesday – Are Mobile Apps Risky?

By | September 16, 2014

At the ‘mystery’ event on the 9th of September at Flint Center, Apple announced that the total number of apps at the iTunes store has officially reached 1.3 million. Google Play Store has a roughly similar number of Android applications as well. Couple these with the available Blackberry and Windows Phone apps – and the total app-count (across platforms) becomes huge indeed. Right from gaming applications and business-related apps, to mobile apps for kids – people hardly think twice before downloading them from the stores. In today’s edition of AppBoard Tuesday, we will focus on a topic that is often glossed over – exactly how risky can a mobile app be? Let’s take a look:

  1. Risks from ‘rooted’ apps – It’s fun to do an iOS jailbreak or ‘root’ an Android device. The former, in particular, gives users access to third-party apps (via Cydia). Two-fold complications can crop up from this apparently great option for smartphone customization. Firstly, rooting a device for installing external apps generally renders all the default warranties null and void (i.e., you do it at your own risk). Secondly, the external apps are often from untrusted sources, and can adversely affect the performance of a handset/tablet.
  2. Risks of unauthorized server-side access – This is something that companies moving their business to the mobile platform for the first time need to be wary of. When a new mobile application is being created, all the server-side APIs it is connected with can access the inter-business network. It is not particularly difficult for a hacker to steal/misuse such confidential information. The server-side controls (read: security software) need to be really robust, to make sure that creating a mobile business app is safe.
  3. Risks due to absence of Defense-in-Depth – Never heard of this concept? Not a problem – let’s explain. ‘Defense-in-Depth’ is a term that professional mobile app developers use to refer to the layer-wise security measures implemented during the development stages of any app. If the security protocol is violated at any stage, the flaw would be rectified at the next stage. Unfortunately, barring the best mobile app companies across the world, ‘Defense-in-Depth’ is not really considered to be important by developers. As such, there always remains a leeway for malware to make an unwelcome entrance.
  4. Risks of inadequate testing – Okay, maybe not on the iOS platform (the approval procedure is really rigorous here) – but for most Android or Blackberry apps, there is no such security assurance. It’s all very well to find an app that really catches your fancy and looks like it would work fine on your phone. However, it is always advisable to check out the user-reviews for the same first, and contact the concerned app development agency. Unless the standard practices for mobile app testing have been followed, it’s always dicey to install an application.
  5. Risks stemming from blind trust – High-end mobile apps typically have a host of functions, and you do not necessarily have to use all of them (doing so can, in fact, lead to problems). Let’s cite the example of an email client and a third-party document-editing software. When you download an attachment (might be an image, might be a critical official document) and sync it with the app – its confidentiality automatically gets shared. It is never a good idea to share the controls of sensitive mobile data with apps that you have downloaded relatively recently. Consider it this way – the Facebook mobile app allows you to ‘Check In’ at any place, but do you use it all the time?
  6. Risks of malware attacks on business networks – It takes a couple of lines of malicious code to corrupt the entire mobile network of a business. Now, you might be aware of such risks – but that does not mean everyone else in your company has the same awareness as well. If even a single employee downloads and includes a buggy enterprise app in the business network, the entire system can crash. The onus is on you to train your co-workers on the guidelines to follow, while judging if an app is safe for work or not.
  7. Risks from outdated encryption methods – There are several renowned mobile app agencies around the world that still use SHA1, MD5, or similar such outdated methods for app-cryptography. These methods were great once – but the burgeoning number of mobile security threats has rendered them practically useless. Android or iPhone app developers should ideally use 256-bit AES method (or similar such sophisticated techniques) for encryption purposes. A backdated cryptography framework can undermine the activities of an otherwise sincere app company.
  8. Risks of lewd, obscene applications – The iOS platform has a firm stand against any mobile app that has adult-specific connotations/functions/displays. At Blackberry App World and Google Play Store, there are no similar restrictions though. It’s easy to discover a range of double-meaning (and of course, useless) apps, which can best be classified as ‘inappropriate’. These apps may or may not harm your device, but what’s the point of downloading an application that reeks of obscenity?
  9. Risks cropping up from data storage – You love it when you are automatically logged in to your favorite mobile shopping app every time (no need to enter passwords each time and all that!), right? What you are overlooking is that – since your password is being stored by the app, it can easily be hacked by connecting (even remotely) the handset with a computer. There are many apps that even store debit/credit card numbers and other financial transaction details. Mobile commerce is on the rise across the globe, and it’s vital that you look for apps that do not store any personal information.
  10. Risks from apps that ‘leak’ data – Many big companies conduct mobile app marketing, survey studies and similar promotional activities – and not necessarily in a secure way. For instance, a fitness app can monitor the health status of a user on a regular basis. If a hacker gets access to the analytics of that app, (s)he can easily gather other personal health information of the person. Dedicated marketing apps also store name and contact details of a huge pool of prospective customers, and if the security firewalls are not strong enough, the data can fall into the wrong hands.
  11. Risks due to the absence of parental controls – This one is specific to all kids’ apps. With the worldwide proliferation of education technology, there has been a spurt in free Android and iPhone apps for kids – which blend in gaming and educational elements. While it’s obviously a good thing if an app keeps a child happily engaged for prolonged periods, no parent in the world would want his/her ward to stay up till – say 3 AM – to read stories on a tablet or a smartphone. Absence of parental controls also opens up the risk of accidental, unnecessary downloads. Make your kid familiar with mobile technology by all means, but ensure that you can monitor his/her activities.
  12. Risks of a free app – Users love freebies (why pay for an app when a similar one is available for free?), and most app developers prefer making free apps as well. Although paid apps have become a minority, so to speak – it is not always advisable to opt for free applications. The latter generally collect revenue in the form of in-app advertisements (which are invariably distracting) and they often collect user-data (mostly for providing personalized services). Many so-called ‘free apps’ also require payments for app updates. There is the chance of malware getting circulated through the mobile ads as well. Once again, be alert, talk with the developers, before actually getting a free app on your phone.
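
To make items 7 and 9 concrete, here is an added example (not code from this post or from any app it mentions) that puts an unkeyed MD5 digest beside AES-256-GCM for data an app keeps on the device. The function names and sample values are constructed for illustration, and the 32-byte key is assumed to be held by the platform keystore rather than stored next to the data.

```javascript
// Added example: MD5 digest vs. AES-256-GCM for data an app keeps on the device.
const crypto = require("crypto");

// Weak pattern: an unkeyed MD5 digest. Equal inputs always give equal digests,
// so anyone holding the stored value can confirm a guessed input.
function md5Fingerprint(value) {
  return crypto.createHash("md5").update(value, "utf8").digest("hex");
}

// Stronger pattern: AES-256-GCM with a fresh 96-bit nonce per record.
// `key` is 32 random bytes; assumed here to come from the platform keystore
// (the article does not say where keys live).
function sealRecord(key, plaintext, context) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(context, "utf8")); // binds the record to its purpose
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Layout: 12-byte nonce | 16-byte auth tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
}

function openRecord(key, sealed, context) {
  const raw = Buffer.from(sealed, "base64");
  if (raw.length < 28) throw new Error("record too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(context, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the ciphertext, tag, key or context does not match.
  const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return body.toString("utf8");
}

// True when a record fails authentication and is refused.
function isRejected(key, sealed, context) {
  try { openRecord(key, sealed, context); return false; } catch (e) { return true; }
}

// Simulates on-disk modification of a stored record (for the check only).
function flipLastByte(sealed) {
  const raw = Buffer.from(sealed, "base64");
  raw[raw.length - 1] ^= 0x01;
  return raw.toString("base64");
}
```

Sealing the same value twice yields different records, and a record that was modified, opened with another key, or opened under another context is refused instead of being decrypted to garbage.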

Mobile apps – which, incidentally, outstrip mobile internet in terms of usage by a fairly large margin – have become a part of life, both for casual and professional users. Over the last half a decade or so, people have become increasingly app-savvy, and companies have released zillions of new applications. Even so, it would be way too naive to indiscriminately download any new application that is launched. You should always be aware of the risks we stated here.

 

Okay, that was all we had for this week’s AppBoard Tuesday (ABT). A sneak peek into what the buzz is about at our mobile app company now – our developers and designers are currently working on a new restaurant app (iOS), named ‘Tendish’. It should soon be at the store.

 

ABT will return next week, with a new topic, discussed from a fresh perspective. We hope our tidbits, pointers and advice are being of help to all readers. Do send us your feedback, and check out our Facebook page too – for regular updates. From the entire ABT team, see you next Tuesday!

 

Hussain Fakhruddin
Hussain Fakhruddin is the founder/CEO of Teknowledge mobile apps company. He heads a large team of app developers, and has overseen the creation of nearly 600 applications. Apart from app development, his interests include reading, traveling and online blogging.