Ever since Apple introduced the iPhone, we have seen dramatic changes in our personal and work lives. Today, mobile devices and tablets are indispensable parts of our everyday lives. Thanks to rapid innovation in technology and mobile application development, mobile usage trends and consumer behaviour are changing dynamically.
Financial companies & enterprises have begun realizing the importance of mobilizing and empowering their customers & employees. While financial companies are using mobile as a tool to engage their customers and enhance their experience, enterprises are relying on tablets to increase employee productivity and operational efficiency. Enterprise mobility, and with it enterprise mobile application management, is becoming more important than ever before.
Enterprises are now deploying mobility solutions to empower their employees with quick access to information, as well as to automate internal processes to reduce manual errors and delays. However, for most enterprises, security remains a major concern and a continuing barrier to the effective implementation of a mobility strategy. This is one of the reasons enterprise mobile application management has become so important.
As financial companies and enterprises have begun to mobilize applications, employees have begun using their own devices to access data and to complete their day-to-day tasks. On the other hand, customers are also using their enterprise mobile devices to access financial data & carry out banking transactions.
Enterprises are currently at a crossroads, as they have yet to figure out the best way to manage data security or enterprise mobile application management; the ecosystem is at a nascent stage and is still evolving. Enterprise mobile application management is an upcoming frontier that needs to be addressed by businesses large and small. The key is to choose an implementation that can enhance user experience without compromising enterprise security.
Below are some of the top security threats faced by mobile applications, and ones that can be addressed with enterprise mobile application management:
Mobile attacks happen across points
We’ll now take a look at a few cases based on the above-mentioned access points:
Client Side Injection
- Applications using browser libraries such as HTML and XML face several risks, including device compromise and toll fraud.
Insecure Data Storage
- This applies to data that is stored locally and data that is synced to the cloud. The threats due to insecure data storage are 1) loss of confidential data and 2) credential disclosure.
Side Channel Data Leakage
- This is seen when there are programming flaws combined with platform features being disabled. It leads to privacy violations.
Reverse engineering of the code
- This is a threat which is still evolving but definitely something to watch out for. If the code of the application is reverse engineered, the hacker gains access to the flow of the application, which helps him or her create a duplicate version.
Untrusted Inputs taking Security Decisions
- Malicious apps and client side injections normally cause this type of attack, which can lead to loss of data (passwords, for example) and privileges.
Improper Transport Layer Protection
- Weakly encrypted data might lead to attacks like ‘Man In the Middle’ and tampering of data in transit, leading to the loss of confidential data.
Improper Session Handling
- Since sessions are much longer in mobile applications than in web applications, and because mobile applications use HTTP cookies & SSO authentication, the chances of unauthorized access to applications, payments & licenses are high. This is one of the most serious threats.
Weak Server Side Controls
- Backend services might not be configured properly, which normally affects the integrity of the data being transferred.
Poor Authorization and Authentication
- When immutable values (UUID, IMEI, IMSI) are used in the code to develop an app, the chances of it being compromised are high. Hence it faces the risk of unauthorized access & privilege escalation.
It is highly recommended to take adequate measures to safeguard applications from these threats before they are made available to customers & employees.
Based on our experience working with a vast client base across verticals, we will be sharing a few best practices to tackle these security issues in our upcoming blog post on enterprise mobile application management.
By Kiran Elengickal