The last thing on our minds when we are creating a new mobile app is security. But the truth is, the attacks on mobile apps are growing by the day. Learn how to make your mobile app secure and avoid a Snapchat hack with tricks, tools, and tips from the pros. The complete guide to keep your mobile app secure the easy way. Transcript: There has been a 163% increase of mobile malware in 2012. 78% of the top 100 Android and iOS apps have been hacked. Less than 5% of popular apps contain professional-grade protections to defend against hacking attacks. Cracked mobile apps are at risk of: • revenue loss (falling currency or dollars) • unauthorized access to critical data • intellectual property theft • fraud • altered user experience • brand damage Riskier apps, the ones that need more security If you have an app that.. • asks for location • collects personal information from users (pics, names, address) • relies on remote servers for storing and manipulating users’ data Apps that don’t require as much security • alarm clocks • local notes • apps that never talks to the web • Maintain updated libraries • Try to use a secure mobile app content management system (CMS) like Joppar Content to send content to users securely • Use an encrypted web address to pull app content from mobile app cms • Secure the server, data, AND app if you’re handling user data DON’T: • Treat content passed in as trusted • Collect or keep data you don’t need • Save user data to NSUserDefaults or SharedPreferences. this saves as plain text! Just add and SDK into your mobile app Make sure you trust the source and check the security • Forget to include https: ‘GET’ and ‘POST’ requests for images, documents, user login credentials, and other commonly transferred data attacks such as disabled or circumvented security, unlocked or modified features,and free pirated copies. More tips from the mobile app security pros: Prateek, Security Researcher for Infosec Institute says… “One thing mobile devs can do now – Make sure important information is not leaked or stored on the device. For e.g, while storing data locally in IOS applications, one should not use NSUserDefaults, Plist files or even Core Data to store important information like access tokens,passwords etc. A better option would be to store it in the keychain, even though it is also not safe in case of a jailbroken device” Things to remember about mobile app security:  • The bigger the user base, the greater the need for strong security There you have it a quick bit on mobile app security, the easy way. But there is always more to learn about mobile. To learn more about mobile app development go to joppar.com. Also, make sure to check out our mobile app optimization tools Joppar Content (our mobile app content management system) and Joppar Switch (our feature switching tool for mobile apps).

1. HOW TO SECURE YOUR
MOBILE APP
THE EASY WAY

2. First, the Facts…

3. 163%
increase of mobile
malware in 2012

4. 78%
of the top 100 Android &
iOS apps have been hacked

5. 5%
of popular apps use
tools to defend against hack
attacks

6. 40%
of popular free iOS
apps

7. AND

8. 80%
of popular free
Android apps

9. were found to be
hacked

10. So why should I care…

11. Cracked mobile apps risk…

12. Revenue Loss
Unauthorized Access
Intellectual Property Theft

13. Fraud
Altered User Experience
Brand Damage

14. Does My App Need
to Be Secure?
YES…but some apps are
at greater risk than others

15. High Risk Apps
•Ask
Location
•Collect
user info
•Remote
servers

16. Low Risk Apps
•Alarm
•To
Clocks
Do Lists
•Offline
Apps

17. If the big guys can’t keep
their mobile app secure,
how can I?

18. DO…

19. Use https:// to get content

20. Maintain updated libraries

21. Use a secure mobile app (CMS)

22. Filter inputs at device level

23. Store in a secure location:
iOS = Built-in Keychain class
Android = Encrypt data

24. DON’T…

25. Treat content passed in as trusted
!
Save to “NSUserDefaults" or
“SharedPreferences"
Forget https: ‘GET’ & ‘POST’

26. Connect to an unsecure backend
!
Use one, static encryption key
!
Skip code reviews with teams

27. What The Pros Have
to Say About This

28. “Make sure to encrypt important
files if stored locally. Also,defend
against operating system
vulnerabilities, e.g. for iOS apps,
defend against runtime analysis.”
–- Prateek Gianchandani
Security Researcher

29. “Don’t keep info that
you aren’t willing to spend
money and time on to protect.
Avoid rolling out your own
authentication, unless security is
your forte of course."
–- Frank Rietta
Web Security Developer

30. sounds like a lot of work...
anything i can do quickly to
secure my app?

31. Secure mobile app
optimization tools

32. Two-Factor
Authentication

33. Discover Code Flaws

34. Things to remember
about mobile app
security

35. The bigger the user base,
the greater the need for
strong security

36. Mobile users lose their
devices, get them stolen,
and let people borrow them.
!
So protect their data!

37. If the NSA has taught us
anything…Nothing is hack
proof or 100% secure

38. OF COURSE THERE’S
A LOT MORE TO LEARN

39. CHECK OUT THIS ANIMATED
SECURITY GUIDE FOR…
MORE TOOLS, TIPS, & TRICKS

40. Mobile App Optimization Tools
Mobile App CMS Mobile App Feature Switching
Send content to your app
users in :27 seconds
A circuit breaker for your mobile app

41. SOURCES:
http://www.mendix.com/think-tank/7-security-compliance-gotchas-in-your-mobile-app-that-you-didnt-think-of-ooops/
http://www.business.ftc.gov/documents/bus83-mobile-app-developers-start-security
http://www.arxan.com/resources/
https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks
http://highaltitudehacks.com/2013/12/17/ios-application-security-part-25-secure-coding-practices-for-iosdevelopment