How to Secure Your Mobile App the Easy Way

The last thing on our minds when we are creating a new mobile app is security. But the truth is, the attacks on mobile apps are growing by the day. Learn how to make your mobile app secure and avoid a Snapchat hack with tricks, tools, and tips from the pros. The complete guide to keep your mobile app secure the easy way.

Transcript:
There has been a 163% increase of mobile malware in 2012. 78% of the top 100 Android and iOS apps have been hacked. Less than 5% of popular apps contain professional-grade protections to defend against hacking attacks.

Cracked mobile apps are at risk of:
• revenue loss (falling currency or dollars)
• unauthorized access to critical data
• intellectual property theft
• fraud
• altered user experience
• brand damage
Riskier apps, the ones that need more security:
If you have an app that...
• asks for location
• collects personal information from users (pics, names, address)
• relies on remote servers for storing and manipulating users’ data
Apps that don’t require as much security:
• alarm clocks
• local notes
• apps that never talk to the web
DO:
• Maintain updated libraries
• Try to use a secure mobile app content management system (CMS) like Joppar Content to send content to users securely
• Use an encrypted web address to pull app content from the mobile app CMS
• Secure the server, data, AND app if you’re handling user data
DON’T:
• Treat content passed in as trusted
• Collect or keep data you don’t need
• Save user data to NSUserDefaults or SharedPreferences. This saves as plain text!
Just add an SDK into your mobile app. Make sure you trust the source and check the security.
• Forget to include https: ‘GET’ and ‘POST’ requests for images, documents, user login credentials, and other commonly transferred data
attacks such as disabled or circumvented security, unlocked or modified features, and free pirated copies.
More tips from the mobile app security pros:
Prateek, Security Researcher for Infosec Institute, says…
“One thing mobile devs can do now – Make sure important information is not leaked or stored on the device. For e.g., while storing data locally in iOS applications, one should not use NSUserDefaults, Plist files or even Core Data to store important information like access tokens, passwords etc. A better option would be to store it in the keychain, even though it is also not safe in case of a jailbroken device.”
Things to remember about mobile app security:
• The bigger the user base, the greater the need for strong security
There you have it: a quick bit on mobile app security, the easy way. But there is always more to learn about mobile.

To learn more about mobile app development go to joppar.com. Also, make sure to check out our mobile app optimization tools Joppar Content (our mobile app content management system) and Joppar Switch (our feature switching tool for mobile apps).

Published in: Technology

Transcript of "How to Secure Your Mobile App the Easy Way"

  1. HOW TO SECURE YOUR MOBILE APP THE EASY WAY
  2. First, the Facts…
  3. 163% increase of mobile malware in 2012
  4. 78% of the top 100 Android & iOS apps have been hacked
  5. 5% of popular apps use tools to defend against hack attacks
  6. 40% of popular free iOS apps
  7. AND
  8. 80% of popular free Android apps
  9. were found to be hacked
  10. So why should I care…
  11. Cracked mobile apps risk…
  12. Revenue Loss • Unauthorized Access • Intellectual Property Theft
  13. Fraud • Altered User Experience • Brand Damage
  14. Does My App Need to Be Secure? YES…but some apps are at greater risk than others
  15. High Risk Apps: • Ask Location • Collect user info • Remote servers
  16. Low Risk Apps: • Alarm Clocks • To Do Lists • Offline Apps
  17. If the big guys can’t keep their mobile app secure, how can I?
  18. DO…
  19. Use https:// to get content
  20. Maintain updated libraries
  21. Use a secure mobile app (CMS)
  22. Filter inputs at device level
  23. Store in a secure location: iOS = Built-in Keychain class; Android = Encrypt data
  24. DON’T…
  25. Treat content passed in as trusted • Save to “NSUserDefaults” or “SharedPreferences” • Forget https: ‘GET’ & ‘POST’
  26. Connect to an unsecure backend • Use one, static encryption key • Skip code reviews with teams
  27. What The Pros Have to Say About This
  28. “Make sure to encrypt important files if stored locally. Also, defend against operating system vulnerabilities, e.g. for iOS apps, defend against runtime analysis.” - Prateek Gianchandani, Security Researcher
  29. “Don’t keep info that you aren’t willing to spend money and time on to protect. Avoid rolling out your own authentication, unless security is your forte of course.” - Frank Rietta, Web Security Developer
  30. sounds like a lot of work... anything i can do quickly to secure my app?
  31. Secure mobile app optimization tools
  32. Two-Factor Authentication
  33. Discover Code Flaws
  34. Things to remember about mobile app security
  35. The bigger the user base, the greater the need for strong security
  36. Mobile users lose their devices, get them stolen, and let people borrow them. So protect their data!
  37. If the NSA has taught us anything…Nothing is hack proof or 100% secure
  38. OF COURSE THERE’S A LOT MORE TO LEARN
  39. CHECK OUT THIS ANIMATED SECURITY GUIDE FOR… MORE TOOLS, TIPS, & TRICKS
  40. Mobile App Optimization Tools: Mobile App CMS; Mobile App Feature Switching. Send content to your app users in :27 seconds. A circuit breaker for your mobile app.
  41. SOURCES:
      http://www.mendix.com/think-tank/7-security-compliance-gotchas-in-your-mobile-app-that-you-didnt-think-of-ooops/
      http://www.business.ftc.gov/documents/bus83-mobile-app-developers-start-security
      http://www.arxan.com/resources/
      https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks
      http://highaltitudehacks.com/2013/12/17/ios-application-security-part-25-secure-coding-practices-for-iosdevelopment