Mobile Apps: Owner’s Pride, Hacker’s Gain

Author:

Did you know that a mobile application, on an average has 9 vulnerabilities? Multiply that by the average number of installed applications (26.2) and you end up with an average of 235.8 vulnerabilities. In simple words, there are 235.8 ways for hackers to get inside your phone. Scary, huh?

Hackers can get into your mobile phone, violating data privacy, due to loopholes present right from the app development stage. Apps are usually developed for Android, iOS and Windows platforms. Different versions of the same Operating System (OS) on different devices have a distinctive set of vulnerabilities. Testing the app on each version of the OS is time-consuming, resulting in the production of a lower quality app. Some apps tend to have hidden malware, too. Downloading such apps is an open invitation to hackers to browse private data files. Mobile phone usage has surged in the past couple of years due to better network connectivity and more individuals owning smartphones. However, mobile phones still do not come with a firewall (like a laptop or desktop) and majority of wireless transmissions are not encrypted. Both these together make hacking easier. User-related factors such as easily identifiable passwords & pin numbers, rare use of two factor authentication for sensitive transactions and jail-breaking are factors that contribute to the ease of hacking.

While users are blissfully ignorant of the simple security measures that can be taken at their end, hackers across the globe are busy making quick money, tracking users, their habits/location in real time, scanning contacts, photographs & emails, intercepting calls and distributing illegal material. In fact, a study suggests that at any given time, approximately 1 billion mobile phones are hacked. Could yours be one of them?

Do not panic, though. Awareness about mobile app security is on the increase and more app developers today are opting for security testing for their mobile apps. Apps are being put through rigorous penetration testing to test defences and loopholes. A combination of static, dynamic and forensic testing tools are used in testing programs. Static testing tools observe the app while at rest, dynamic tools observe the behaviour of running systems while forensic tools aid identification of passwords, sensitive data or other unexpected data that might be stored on servers after the app has been run. Users, on their part, should always use secure wireless networks, ensure the use of two-factor authentication and restrict the number of sensitive transactions on their mobile phones. Importantly, users must check for an app’s authenticity before installation.

With mobile apps taking over a lot of our lives, hacking into a mobile phone is like hacking into our life itself! Don’t hand over your life to hackers in this way.