Mobile application security and its impact.

Mobile applications are increasingly indispensable for everyday life, but what about security in these applications?

The habituation of humans towards cell phones and devices in general has had an uncontrolled increase together with the development of new technologies that make some daily functions easier. According to the statistics of “Situation global mobile 2020” 67% of the world’s population owns a cell phone. Of the electronic devices, cell phones are the most developed in terms of innovation and technology. Currently people depend almost entirely on cell phones to perform certain daily tasks, such as scheduling things, watching the news, using reminders, among other things. Therefore, mobile applications take as a motivation these daily tasks in conjunction with many other functions, in order to innovate in the creation and updating of applications for the facilitation of daily life. Taking the above as a reference, we will see what mobile applications are about, their evolution, as well as the risks and how we can keep ourselves safe.

What are mobile applications?

In a simple way, mobile applications are programs specifically designed for mobile electronic devices, whether they are cell phones, tablets or other devices. These programs provide users with a series of functions that range from professional use, such as applications for the performance of tasks. Educational use, such as language teaching platforms, children’s classes, etc. To recreational and social use, such as social networks, games among many other categories.

The origin of mobile applications goes back to the 90s, at the end of that time there were very different applications from the ones we know today. These were applications for analog phones. Phonebooks, games such as the classic “snake” and ringtone editors, were considered applications for their time since they meant a great advance in cell phone technology for that time. After this, phones continued to evolve, but with this, restrictions were added by the developers in terms of accessibility, which restricted the incorporation of external elements.  However, in 2007 the Apple corporation changed the rules of the game by introducing the iPhone, this meant a big change and the beginning of a trend in terms of application innovation with the arrival of the App Store.

Mobile applications depend on certain features such as the operating system, some of the most famous are:

  • Android
  • IOS
  • Windows phone
  • Blackberry
  • Firefox O.S

Depending on the operating systems that the devices have, the application stores will depend on them. In the same way, some of the most relevant application stores are:

  • Google play (Android)
  • App Store (Apple)
  • Windows phone store
  • Blackberry world
  • Amazon Appstore 

When these applications are downloaded and installed in the mobile devices, they depend on certain functions of that device to execute their objectives, depending on the occupation of the application, permission will be requested for access to the function of the device, some may be: the contact list, call log, calendar, camera, microphone, GPS, among others.

Security in mobile applications.

Defining mainly what a security threat is, it refers to the possibility of an event that could exploit a vulnerability to corrupt the security of a system, either accidentally or intentionally. As for mobile devices, they include an operating system just like computers, so they can also suffer from threats and have vulnerabilities that can be exploited to cause damage. The threats that are directed at mobile devices can be physical, based on their palpable structure, or they can be in software, these threats can compromise the data that is found in these devices, whether they are phones, tablets or other mobile devices.
As for the threats that can target intelligent mobile devices, these are very varied. Below is a list of the threats that can affect mobile devices, including:

Information theft: These focus on unauthorized access to the victim’s personal data, which can be used for malicious purposes. Among the information that can be stolen are:

  • Audiovisual content, such as images, videos, audios, documents, conversations.
  • Contacts
  • Navigation history
  • Call log
  • Passwords or application data.

Impersonation: their objective is to search for sensitive applications and try to steal credentials or accounts. Some of these are done through:

  • Redirecting text messages
  • Sending spam by email, attaching malicious files
  • Publications in social networks

Surveillance: This involves remotely monitoring the activities that the victim is frequenting without their consent, by obtaining data such as:

  • Recording of videos
  • Audios
  • Screen capture
  • Location

The ways in which cyber-crooks attack mobile devices have many variants, including, for example, system vulnerability, which focuses on flaws in the programming of the operating system that can affect the properties of some functions, in this case confidentiality and security systems.

Attacks based on social engineering are also common in mobile applications. In this case, they attempt to persuade the user to voluntarily install malicious applications or give away sensitive information. In this case, cyber-crooks tend to impersonate the administrators of certain real applications, providing them with authentication pages that are exactly the same as those used in these applications.

Other common attacks on mobile devices are through public Wi-Fi networks, which normally tend to be insecure as they allow “man in the middle” (MitM) attacks that compromise sensitive information of users connected to the network.

How can we keep our applications safe?

As we know, our mobile devices store much of our sensitive information, which can potentially be stolen and harm us in different ways. Therefore, there are some recommendations to safeguard the security of our mobile devices and applications, some of which are:

  • Keep your device updated with the latest versions.
  • Make regular backups in case of information or device theft.
  • Do not install suspicious applications or those created by unknown companies, you can check the comments and score of the application to be more secure.
  • Use the device’s data encryption options.
  • Use malware detection applications and update them periodically.
  • Use secure and different passwords for access to each application.
  • When selling the device, be sure to delete all personal information that you may have, for this the best option is to format it or restore it from the factory.
  • Use applications to manage your passwords, if possible link them to the fingerprint reader to be more secure.
  • Keep the default security patches that include the mobile device software update.

Interesting related articles: Should companies fix low rated vulnerabilities? 

Other articles that may interest you: Juice-Jacking and the dangers of public charge.

 

Scroll Up