To support this, Espion has launched a new white paper titled ‘Securing Mobile Applications’, a best practice guide to making apps safe, which outlines the significant risks posed by insecure apps and their potential to unleash financial and reputational damage on businesses.
In recent months, thanks to new tools as well as reduced barriers to entry, app development has become faster and cheaper to execute. Businesses that fail to apply secure, robust testing in app design and development risk launching a product that is easy for criminals to exploit for malicious gain, or that is vulnerable to confidential customer data being leaked or transmitted.
Top of the ways criminals are exploiting flawed apps, as identified in Espion’s white paper, is ‘Activity Monitoring and Data Retrieval’. Here criminals track and intercept the victim’s sensitive information by either listening in to their phone calls or watching as they send emails from a mobile. Another cause for concern is ‘User Interface Impersonation’, where a malicious app is unknowingly downloaded instead of a legitimate version or where various malicious UI facades are used. The doppelganger retrieves the victim’s sensitive information, such as online banking login details, and sends it to the attacker. Another costly scam is ‘Unauthorised dialing, SMS and payments’, which involves hijacking the victim’s phone with a Trojan app, allowing premium rate phone calls and SMS messages to be made.
Espion also outlines other scenarios facing businesses with inadequate app security, including loss of confidential data, disclosure of credentials, privacy violations and breach of compliance. This is because insecure mobile apps can leak device information, exposing it to third parties, or can store sensitive information in an unencrypted or cached format, making it easier to compromise.
Mobile app security expert, and senior consultant at Espion, Darren Fitzpatrick says: “With the mobile applications boom in full swing we are urging businesses not to take security shortcuts in the race to use this technology to engage with their customers. Organisations need to realise the onus is on them to apply due diligence to safeguard their app users from serious breaches of privacy and/or criminal violation. Whether an app is developed in-house or by a third party, by failing to include robust security testing in the development process they are negating their compliance obligations.”
For IT professionals tasked with launching apps, ‘Securing Mobile Applications’ is an invaluable resource and a unique opportunity to take advantage of Espion’s unrivalled, specialist expertise around effective development and secure deployment. The best practice guidelines in the white paper will enable organisations to mitigate the risks of security breaches as well as meet their governance and compliance obligations.