App developers beware. Hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems. According to the CYREN 2015 Cyber Report, 1,076,390 new pieces of Android malware were identified in Q1 of 2015, compared to 790,000 in Q4 of 2014, a 36% increase. So, if your business model involves an app and you don’t want to be the cause of tomorrow’s front-page data breach story, it’s time to start taking security seriously. Here are some of the things we advise our clients to consider when developing and maintaining their app:
Think About Verification
Chances are, someone using your app will lose their phone or have it stolen. Odds are also good that one of those phones will not be password protected, a potential goldmine for the would-be hacker. Your app may be the last line of defense. What kind of authentication procedures will you have to prevent unauthorized access? Are strong passwords required? Is two-factor authentication in place? How will failed logins and lost passwords be handled? Will you be able to weave in even newer technologies, such as app coding to block access from jailbroken phones? These are just some of the questions to think about and discuss with your developer before coding begins.
Remember to Plan Storage and Encryption
The storage of unencrypted data on a mobile device should be avoided whenever possible. If local storage is absolutely necessary, make sure data is properly encrypted. Data in transit should be encrypted as well. Apps that allow the transmission of unencrypted or weakly encrypted data create additional vulnerabilities to attack.