Thursday, 19 November 2015

MOBILE APP AND SECURITY THREATS



Mobile applications are, no doubt, among the fastest-growing categories of application software in the 21st century, owing to the sophistication of internet-enabled mobile phones and tablets in the world today. To this end, institutions, enterprises and organizations are developing mobile apps in order to reach their target audience or sell their goods and services faster and more easily. Some mobile apps are developed without going through the appropriate procedures, i.e. without applying security measures during development of the mobile app; hence they are easily hijacked by criminals or vulnerable to all sorts of viruses. There aren't any policies or standards policing mobile application development, so security flaws are often overlooked when developers don't take the time to review their product. The rush-to-release approach is the leading source of mobile application threats and vulnerabilities. When an app's development is rushed, it's typically due to customer demand and developer impatience. Implementing security checks and controls for mobile apps can add an average of six weeks to the application development process, and it can take even longer depending on what is found.
While most users may often assume that the mobile apps they download are safe, more than 50% of developers surveyed in a new report admitted to using "shortcuts or temporary solutions" to produce their app faster. The survey, which covered nearly 300 mobile app developers and more than 400 consumers, illustrated a lack of focus on security during the development process. That lack of focus, along with development shortcuts and common coding errors, is creating so many mobile application threats that experts believe enterprises and users should simply behave as if their devices have already been hacked.
According to the survey, 79% of developers agreed that mobile apps have become a target for cybercrime because of security flaws, and 74% of developers believed that most enterprise mobile apps are "moderately vulnerable" to mobile application threats. Perhaps even more troubling: 96% of developers admitted to using third-party software frameworks that were potentially insecure.
Experts said that apps rushed to market in this way are not secure or ready for public consumption. In addition to a lack of basic security controls and privacy policies, many mobile apps contain glaring mistakes that make them vulnerable to attacks. For example, Kostka, an expert in cyber security and CEO of Bluebox Security, said two of the more common errors developers make are exposing the API keys in their apps and leaving their developer menus behind in the code.
Kostka said BYOD security is an issue for all devices and operating systems, and enterprises shouldn't put faith in the OS to protect their data. "We're seeing so many more attacks on iOS devices because it's the most popular platform for enterprises," she said. "You can't just trust the OS. Apple has done a lot of good things with security, but it's not 100% secure. And people think an iOS device has to be jailbroken to be at risk, but that's not true."
All of this adds up to major problems for companies, especially those who have BYOD policies, Kostka said. Using employee-owned mobile devices in the workplace is generally encouraged; however, this means companies have to educate employees about mobile application threats and proper security hygiene. If employees are careless or have insecure mobile apps on their devices, their employer can potentially suffer a breach or theft of sensitive data. Since companies don't have complete control of employees using their own devices for work, company data is at risk.
Bluebox Security is addressing these issues with a new software product called Bluebox for Consumer Apps, which will be available in December and is designed to improve BYOD defenses. The mobile security startup already offers protection for enterprise iOS and Android apps, but Bluebox for Consumer Apps focuses on the non-enterprise applications that often reside on BYOD devices in the enterprise and transforms them into "self-defending apps." Any application available in the Apple App Store or Google Play Store can be uploaded to Bluebox for Consumer Apps, which then applies an application wrapper to the mobile app. The wrapper provides encryption for data at rest, enterprise security policies, anti-tampering measures, mobile threat intelligence and other capabilities. Bluebox said the application wrapping process is simple and requires just a single click, which won't add additional time to the application development cycle. "Time to market is crucial for mobile app developers," she said. "Your app could become irrelevant during that six weeks."
Kostka said most enterprises know that mobile app development falls short on security, but they're not taking enough action to properly protect those apps. "Companies have underinvested in mobile security in a rush to become mobile first, and now the bill is due," she said. "With mobile threats being discovered almost daily, and enterprises losing control over consumer devices, it's only a matter of time before a mobile hack is the root of the next major breach."
