Norshidah Mohamed, PhD
International Business School
http://www.ibs.utm.my
Universiti Teknologi Malaysia
Kuala Lumpur
17 June, 2014

OUTLINE
• Data protection issues in mobile apps – what have developers overlooked?
• Consumer’s/user’s privacy experience – protect or expose?
• Privacy Impact Assessment
• Guidance for consumer/user and business

WHAT HAVE DEVELOPERS OVERLOOKED?
Indicators of some critical vulnerabilities in banking apps:
• 90% of apps are exposed to traffic interception (with several non-SSL links)
• 50% of apps are vulnerable to JavaScript injections
• 40% of apps did not validate the authenticity of SSL certificates
Source: http://www.darkreading.com/vulnerabilities---threats/weak-security-in-most-mobile-banking-apps/d/d-id/1141054?

USER’S PRIVACY – PROTECT OR EXPOSE?
• Competitive ecosystem – Apple iTunes & Android-based platforms
• Most developers are not trained to develop secure apps
• Use of cloud-based apps is a trade-off between handing over privacy and downloading apps
• Research has shown that users are unaware of the implications of giving permission to download an app

USER’S PRIVACY – PROTECT OR EXPOSE? (cont’d)
• Location, contacts, calendar, reminders, photos – these are just some examples of what downloaded apps access!
• Apps could have been created by fraudsters and loaded with malware
• Unsecured WiFi is a toll-free highway for fraudsters to gain access to mobile devices, seize control or gain access to account information.

PRIVACY IMPACT ASSESSMENT?
What’s being done?
De facto standards that define:
• development and test of secure mobile apps?
• app store security practice?
• corrective actions on security breach?
• cloud-based management that includes provisioning, policy, data management of mobile devices

PRIVACY IMPACT ASSESSMENT? (cont’d)
• authentication to several cloud-based providers
• ISO?
• IT governance framework?
• Mobile App Security Working Group

SELECTED RECENT CASES & GUIDANCE?

THANK YOU
norshidah@ic.utm.my

PRESENTATION DATA PROTECTION CONFERENCE ASIAN LEGAL BUSINESS (ALB) 2014 KUALA LUMPUR
