Smartphone on our one palm and malware on another! Such is the situation today where 4 out of 10 large companies are not paying heed to the concept and practice of mobile security. The breaches are many, from personal data to GPS locations, to contacts to pictures to even credit card details, and not much legal and strict action is seen! With hackers increasingly developing reverse-engineering apps and releasing them on unofficial stores, or even open-source stores, that’s also increasing the chances of apps being included in the category of those affected by malware or security flaws which could expose consumers to attacks.
“There is a race on for every company to have a mobile app out there,” Caleb Barlow, vice president of mobile management and security at IBM, told CBS MoneyWatch. “At the same time, often they are using less mature developers. If you look at the demographics they are young and ambitious, but they aren’t thinking about security, so security is an afterthought.”
The fact that about half of large organizations have no budget for mobile security is “staggering,” he added.
Based on analysis of seven million mobile apps on both Android and iOS platforms from January to October 2014, security researchers discovered a 500% increase in the number of mobile malware designed to steal financial data. Researchers reviewed popular apps with more than 50,000 downloads to assess their exposure to a common vulnerability, and found that 31% of them were exposed to it. Of those, 18% were in sensitive categories including finance, medical, communication, shopping, health, and productivity.
Barlow also said that while it is the responsibility of the developers to keep their apps secured and safeguard the personal info of the users, even the customers must take responsibility of their data. And there are 2 ways, in his opinion, which can safeguard the users from these vulnerabilities –
a) Be aware of the information you are sharing on the app – An app asking for contact details while accessing map is as unreasonable as a flashlight app asking for GPS location. Thus never should a user share data which isn’t practically applicable to an app. This is one huge reason why there are data breaches.
b) Do not “jailbreak” – Not even for fun and free downloads of paid apps! This leads to hackers getting easy access to the phone and through these free downloads, a lot of malicious substances infiltrate the phone, which the users have no idea about.
Our safety is in our own hands, and what’s there in our palm needs to be protected, for it contains special information about us.
“All of the top 100 apps on Android have hack variants, or a version of the game or banking app that still works but didn’t actually come from the publisher,” Barlow said. Teens and college students “go to store that’s posted the app for free. In many cases what they think are free apps are apps with malware or malicious code.”
In recent case of Ola app threats, the team at Appknox did a remarkable work by letting people know and pushing the boundaries of mobile security, at least in the eyes of the app developers. The review was taken seriously, as a result of which the app revised itself. Mobile Security is an urgency which needs to be addressed asap, before it’s too late!