Each time you install an app without knowing what actually happens behind the scenes, your smartphone is exposed to security issues. Learn how Infomaze takes the utmost care while developing its mobile apps to give you efficient and secure applications by watching out for these security concerns.
Just like computers, smartphones have been targeted by attacks of all kinds. Such attacks typically exploit the data stored on your phone, such as text messages, multimedia messages, Wi-Fi networks, GSM, etc. Operating system and browser vulnerabilities are exploited the most. Securing personal and business information on your phone has become a genuine concern.
The top ten recognized security issues in the mobile arena are:
1. Activity monitoring & data retrieval
Risks of such activities include forwarding every email sent from the device to a hidden third-party address, listening to all phone calls, and retrieving stored data, the contact list or saved email messages.
2. Unauthorized dialing, SMSes, and payments
This includes directly monetizing a compromised device by using it to make phone calls and send messages, and using SMS text messages as a tool to spread malware.
3. Unauthorized network connectivity
Mobile devices are designed for communication. A malicious app can use email, SMS, Bluetooth, DNS, HTTP GET/POST, etc., to send data to the attacker.
4. UI impersonation
A malicious app creates a UI that impersonates the phone's native UI or that of a legitimate app. The victim is asked to authenticate and ends up sending their credentials to an attacker.
5. System modification (rootkit, APN Proxy config)
Malicious apps can modify the system configuration to hide their presence. This is called rootkit behavior. It also easily paves the way for other types of attacks.
6. Logic or time bomb
Logic or time bombs are backdoor techniques that trigger malicious activity based on a specific event (like a payment made from the compromised device), device usage or time.
7. Sensitive data leakage
It is important that the legitimate apps on your phone handle your data carefully. Poorly implemented apps can expose sensitive data like location and owner ID info (name, number, device ID, authentication credentials, etc.) to third parties.
8. Unsafe sensitive data storage
Mobile apps often save sensitive data such as banking and payment system PIN numbers, credit card numbers, etc. It is always risky to save any password as it is, without protection. Sensitive data should always be stored in an encrypted form. Storing sensitive data without encryption on removable media such as an SD card is especially inadvisable.
9. Unsafe, sensitive data transmission
Encrypting data is important because attackers will be eavesdropping, and data sent without encryption is even more susceptible to attacks. Mobile devices are more vulnerable as they use wireless communications only and often access public Wi-Fi, which is never secure.
10. Hard-coded passwords/keys
Hard-coded passwords and other such information are often used as a shortcut by developers to make the application easier to implement, support and debug. But such information can be revealed to attackers quite easily through reverse engineering, which defeats the whole point of a password.
The next time you download an app from your favorite app store onto your smartphone, be mindful of what permissions you’re giving to that app before you hit ‘INSTALL.’ If you are downloading an app which is supposed to just flash torchlight at you, and is asking permission to handle your calls and text messages, you know that something’s not right.
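The permission check described above can be automated. The following is an added example, not code from Infomaze or the original article: it reads an Android manifest that has already been decoded to text XML (for example with apktool) and groups the permissions a torch app cannot justify by the risks from the list. The `EXPECTED` set, the risk grouping and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups keyed by the risk from the list above that they enable.
RISK_GROUPS = {
    "calls_sms": {"android.permission.CALL_PHONE", "android.permission.SEND_SMS",
                  "android.permission.READ_SMS",
                  "android.permission.READ_CALL_LOG"},          # item 2
    "personal_data": {"android.permission.READ_CONTACTS",
                      "android.permission.RECORD_AUDIO"},        # item 1
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},   # item 7
    "network": {"android.permission.INTERNET"},                  # item 3
}

# Assumption: the permissions a torch app can plausibly justify.
EXPECTED = {"flashlight": {"android.permission.CAMERA",
                           "android.permission.FLASHLIGHT"}}

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")
            if el.get(ANDROID_NS + "name")}

def audit(manifest_xml, app_kind):
    """Group permissions that the app kind does not justify by risk."""
    unexpected = requested_permissions(manifest_xml) - EXPECTED.get(app_kind, set())
    findings = {risk: sorted(unexpected & perms)
                for risk, perms in RISK_GROUPS.items() if unexpected & perms}
    known = set().union(*RISK_GROUPS.values())
    if unexpected - known:
        findings["uncategorized"] = sorted(unexpected - known)
    return findings

if __name__ == "__main__":
    for risk, perms in audit(SAMPLE_MANIFEST, "flashlight").items():
        print(f"{risk}: {', '.join(perms)}")
```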