More Apps Mean More Security Woes - InformationWeek

5/9/2011
03:54 PM
Adam Ely

You're not a player unless you play in the mobile space, but if you play insecurely, users may pass you by.

Mobile applications and technology are hot. The iPad was being asset-tagged and added to the corporate network the day it was released. But new platforms bring apps, which in turn bring technology management and security worries. Concern, discussion, and thought surround mobile application security and where we're heading, now that there's an app for everything.

My good friend and security industry colleague Rafal Los (whom I call Raf for short, and since you and I are friends you can too) recently published some of his thoughts on mobile application security on Hewlett-Packard's Application Security Community site. When it comes to application security in general, I agree with Raf's thoughts. To summarize, he points out that a lot of mobile application functionality is driven by server-side code, which takes us back to Web application security practices. When focusing on mobile applications you can't forget about the server-side calls, and if your Web application security practices are in place, you're that much ahead of the game.

I agree with Raf in this context, but the problem of mobile applications is much broader. Let's take a look at the Skype-Android privacy vulnerability. It was found that Skype didn't properly secure instant messages and profile information stored on Android devices, and thus malicious apps, intruders, or anyone who gained enough access to your handset could access these files. This is a problem of the application developers not securing the files, and now Skype developers must fix the oversight and release new code, and users must upgrade. See the statement by Skype in its blog and notice that it attempts to turn attention away from its mistake and focus on the user installing a malicious application. The company could have just said it's in good company since Citibank had a similar flaw. This highlights an area where Web application security practices and the security of the server-side infrastructure don't always protect the user, device, and data.

On top of insecure client-side storage and server-side Web application security, mobile applications must ensure that network transports are secure, since users roam between open wireless networks and are prone to GSM attacks, and AT&T gives the National Security Agency direct network access. (Call me paranoid, but I live next to the building where the secret NSA spying room was found, and Citibank's iPhone app was found to have insecurities.)

I am preparing a report on the state of mobile application security in order to provide insight and practical tips to IT and development teams that are under the gun to develop applications for their companies. In the “there's an app for that” society, you're not a player unless you play in the mobile space. If you play insecurely, though, users may pass you by. We'd like to hear from you on problems, tips, and concerns surrounding mobile application security. Email me at [email protected] or send me a message @adamely on Twitter.
