Smart apps are built primarily to give consumers engaging features that offer convenience, ease of use, real-time services and many other benefits. Developers essentially want to please customers so that their app succeeds. This often leads to giving less importance to the security of the application, which could jeopardize a customer’s personal or private identity.
There have been many instances in the past where hackers have worked their way into users’ personal information through various loopholes in applications, without the users even being aware, destroying businesses in the process. One such loophole is sensitive user data cached within the app. Whether financially or competitively motivated, hackers will stop at nothing to achieve their objective.
What a hacker can access from cached information and how it can be exploited
1. Caching web application data may expose URL histories, HTTP headers, HTML form inputs, cookies, transaction history and other such web-based data. Although this data is not as easy to access on mobile as on the web, mobile applications still open multiple entry channels by storing cached information.
2. Words entered by a user via the keyboard are stored in the Android user dictionary for future auto-correction. The user dictionary is available to any app without requiring any permission, and this could lead to sensitive data being leaked. Passwords and usernames recorded from one app could sometimes be exploited by other apps.
3. Apps may cache camera images, which remain available after the app has finished. Cached images pose a threat of leaking personal and private information to hackers, which could ruin not only a company’s reputation but also the personal identity of an individual. The recent iCloud hack revealed personal and private images of many celebrities, giving the general public access into their lives. Other threats that could arise from this are bullying and blackmail of an individual.
4. Application screens retained in memory enable transaction histories to be viewed by anyone with access to the device who can directly launch the transaction view activity. Hackers sometimes create and launch malicious applications that read data from another application’s retained screens, which sometimes hold payment transaction history, account numbers, etc.
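As an added example (not code from the original article), here is one way an Android activity can avoid leaving the four kinds of cached data listed above behind. The class name TransactionActivity, its fields and the manifest entry mentioned in the comments are assumptions made for illustration.

```java
import android.app.Activity;
import android.os.Bundle;
import android.text.InputType;
import android.view.WindowManager;
import android.webkit.CookieManager;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.widget.EditText;
import java.io.File;

// Hypothetical activity. Assumed manifest entry: android:exported="false",
// so other apps cannot launch this screen directly (item 4).
public class TransactionActivity extends Activity {
    private WebView webView;        // assumed: shows account pages
    private EditText accountField;  // assumed: takes an account number
    private File capturedImage;     // assumed: photo written under getCacheDir()

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Item 4: keep this screen out of screenshots and the recent-apps preview.
        getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE,
                             WindowManager.LayoutParams.FLAG_SECURE);
        webView = new WebView(this);
        accountField = new EditText(this);

        // Item 1: load pages from the network instead of the WebView cache.
        webView.getSettings().setCacheMode(WebSettings.LOAD_NO_CACHE);

        // Item 2: hint to the keyboard that this field is password-like and
        // should get no dictionary-based suggestions.
        accountField.setInputType(InputType.TYPE_CLASS_TEXT
                | InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS
                | InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD);
    }

    @Override
    protected void onStop() {
        super.onStop();
        // Item 1: drop cached pages, form data, history and cookies (API 21+).
        webView.clearCache(true);
        webView.clearFormData();
        webView.clearHistory();
        CookieManager.getInstance().removeAllCookies(null);

        // Item 3: delete the captured image once the screen is left.
        if (capturedImage != null && capturedImage.exists()) {
            capturedImage.delete();
        }
        // Item 4: clear the field so a retained screen holds no account data.
        accountField.setText("");
    }
}
```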
If you think you are really making things convenient for consumers by caching their data, think again! There is a bigger price to pay, which no convenience can compensate for. Convenience can take you only so far; accountability for consumer privacy and security is a key ingredient in making you successful in the long haul.