To follow digitalization trends, you need to protect both end-users and application owners from the unauthorized use of applications. It becomes imperative to make mobile application security one of the key pillars of application development.
When thinking about mobile devices, most people do not perceive them as a real threat factor. In fact, your mobile is constantly at significant risk of being a target of hackers. Pandemic had an enormous impact on digitalization, and consequently, the number of mobile applications also experienced growth. With this growing trend, opportunities for hackers and fraudsters have never been higher. To follow digitalization trends, you need to protect both end-users and application owners from the unauthorized use of applications. It becomes imperative to make mobile application security one of the key pillars of application development. Our product manager Mario Marić will hold a presentation about mobile application security at Technobank on September 23rd. In this article, he shares his view on this topic.
Historically speaking, the first 500 mobile applications became available on Apple App Store in 2008. This was not so long ago. In 2021 Google Play Store and Apple App Store combined offer over 5.5 million applications. The numbers became fairly significant in a relatively short period. With digitalization, along with some other unexpected events such as the global pandemic, usage of mobile applications continues to grow. For example, research has shown that in 2014 average consumer spent 2.5 hours on his mobile phone daily. However, in 2021 consumer spends almost 4 hours on his mobile. Most of that time spend is on using applications. This trend, however, is also seen by cybercriminals who want to take advantage of these numbers on the rise; so in parallel with growth in usage of mobile phones and applications, growth in malicious attacks is also detected.
When talking about mobile applications, people mostly think about user experience, ease of usage, and functionalities. Appearance is also essential for many people. The mobile application's design needs to be in line with the latest trends and requirements by the market. But one thing most people take for granted is the security of their applications. Today, people can make online purchases with their mobile applications. They can trade with their cryptocurrencies and use company applications to access company VPN when working from home or apply for their birth certificate, which contains all the personal data of an individual. Therefore, these applications need to be secure, as well as information stored in them. So, for this world we live in today, I would say that security is, at least, one of the top 3 most important topics when developing a mobile application.
I don't think that mobile application attacks can result in slowing down applications' growth. The trend we are in went too far to be changed based on an increased number of mobile application attacks. Increased usage of mobile applications and mobile application development with its features brought a lot of benefits for everyone using them, and that's for sure a good thing. A much bigger potential issue is the fact that these attacks will not stop, quite the opposite.
So the solution needs to be in implementing security mechanisms that will prevent these attacks from causing real damage to application owners or the application users. Anyone building a mobile application needs to be aware of the threat and act accordingly, given the world we live in. Some solutions can make mobile applications far more secure once they are implemented. ASEE solution for this challenge is a product under the name App Protector. It's an SDK (programming code) that easily implements into any mobile application, and protects the application from the inside.
When talking about the application owner's steps, the key thing is to understand that the threat is real and implement a mechanism that protects the application. The easiest mechanism to implement is an SDK that becomes part of the application and then protects the application in runtime without any additional human intervention. So once the app is built and published, SDK is implemented, anyone who downloads the application will be protected by this mechanism. App Protector is easy to implement, and it does not affect the application in any way; it protects it from a specific set of attacks. To be more precise, App Protector can detect if the application is running on a jailbroken device or if a device is under a hooking attack (compromised device in general); and can prevent these attacks with specific response types to each attack specifically.
In my upcoming presentation, I will try to give a few historical and statistical information on mobile development as an introduction since I think it is always important first to present the context of the subject. After the opening, I will go more in-depth to the main trends and challenges the mobile application niche faces, with an obvious emphasis on security as an essential component of mobile application development. App Protector will have a deserved slide or two, as it is a product that I believe can significantly lower the risk of using any mobile application on a compromised device. The plan is to finalize the presentation with some future considerations to better understand what consequences we might see if mobile application security is not a priority.
If you will not be able to join Mario’s presentation at the Technobank conference; feel free to contact us through the contact form. Mario and all the ASEE team will be happy to assist you.