Mobile App Security – Be Aware, End Users

You hear that Android is open source and that developers all over the world have a chance to create creative and innovative apps. You download different apps to experiment. Some apps get used regularly, some only once, and some not even once. You end up with quite a few apps installed on the device. Do these apps make you vulnerable to security attacks?

Security vulnerabilities are not limited to Android. Because Android is an open source system, however, hackers can easily find predictable ways to break into it by exploiting a few routine actions performed by end users, who assume security is a given. This applies to both consumer and enterprise apps.

  • Be aware of the risks of installing unknown third-party apps: Whether it is a simple wallpaper app or a complex native app, an application may request permissions on the device that allow restricted actions to be performed. These third-party apps are good hosts for third-party hacks. You may have installed such an app after being lured or introduced to it through social networks.
  • Be aware of cloned versions of apps: When you search for an app by a specific brand name, you find multiple cloned versions of the app in the app store search results. In a hurry, you install the one you consider correct. What happens when the installed app is the wrong one? When the user enters data in this app, the data goes directly to hackers. More than 50% of marketplace Android apps have cloned versions.
  • Insecure Wi-Fi: You happily connect to insecure Wi-Fi in public places such as cafes, malls and airports. Because you did not take special precautions when using a hotspot, an attacker may sit in and eavesdrop on the data being passed from the app, or inject malicious data into your device through the insecure Wi-Fi.
  • Devices do not encrypt internet and local network communications. Even when the Wi-Fi itself is secure, network faults can affect you.
  • Software updates are not downloaded securely, enabling attackers to intercept what gets downloaded. By adding malicious code, a hacker can attempt to gain access and track all user activities on the device.
  • Access to the latest software on the device: When security flaws are found in a mobile OS, patches are released to secure your device. Some of you would claim that your mobile carrier has assured you of the latest updates. Be warned that most devices don't receive the fix right away, if ever; manufacturers are notoriously slow in providing updates, which are also delayed by lengthy internal testing prior to the software's official release.
  • Session left active when the app is exited: You have been happy that you were asked to log in to the app only the first time and never needed to log in again. Be prepared: closing the app does not mean the app is logged out of the server, and the session remains valid. Any attacker can pick up this valid session and steal data, funds or merchandise stored on the server.
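
The last point is one the app's server side can address. As an added example (not from the original article), this Python code shows a server-side session store that enforces an idle timeout, an absolute lifetime and an explicit logout, so a session token presented after the app was closed is rejected. The class name, timeout values and user name are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed value: seconds of inactivity allowed
ABSOLUTE_LIFETIME = 8 * 3600  # assumed value: hard cap regardless of activity


class SessionStore:
    """Server-side session table: holding a token does not make it valid."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable clock so expiry can be demonstrated
        self._sessions = {}   # token -> (user, created_at, last_seen)

    def login(self, user):
        token = secrets.token_urlsafe(32)  # unguessable random token
        now = self._clock()
        self._sessions[token] = (user, now, now)
        return token

    def validate(self, token):
        """Return the user for a live session, or None; purge expired ones."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, created, last_seen = entry
        now = self._clock()
        if now - last_seen > IDLE_TIMEOUT or now - created > ABSOLUTE_LIFETIME:
            del self._sessions[token]
            return None
        self._sessions[token] = (user, created, now)  # sliding idle window
        return user

    def logout(self, token):
        """Revoke the session on the server, not only inside the app."""
        return self._sessions.pop(token, None) is not None


def demo():
    t = [0.0]                               # constructed clock for the demo
    store = SessionStore(clock=lambda: t[0])
    token = store.login("alice")
    t[0] += 60
    active = store.validate(token)          # app in use
    t[0] += IDLE_TIMEOUT + 1                # app closed without logging out
    after_idle = store.validate(token)      # same token presented later
    token2 = store.login("alice")
    store.logout(token2)                    # user taps "log out"
    after_logout = store.validate(token2)
    return active, after_idle, after_logout
```
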