February 23, 2016 By Eitan Worcel

Many experts say mobile devices such as smartphones and tablets will replace the PC. Some think this will take a matter of months; others would say a few years. I would argue that both camps are wrong: I believe it has already happened.

“But wait, Eitan! People are still using their laptops — they use them in their office, for doing homework, and you probably used one to write this blog post.” This is true. Like many others, I still use my laptop for work, writing papers or creating blog posts, but I use it much less than I did just a year ago.

The smartphone actually replaced many of my other products, not just the PC. It became my camera, MP3 player, portable video game console, newspaper — and for some, it even replaced the TV. This is why the idea of mobile first was so easily accepted in the industry and why everyone invests in building mobile apps for their business.

It gives you a lot of power when your application is installed in your consumer’s or employee’s phone, regardless of whether your app is focused on social, financial, e-commerce or even health care. Once you push a message, they will check it; most will even do it within minutes. They take your business everywhere.

With Great Power Comes Great Responsibility

If there is something you can be sure of in this industry, it is that the more successful you get and the more people use your application, the more cybercriminals will try to attack it. When your app gets compromised, your business can be catastrophically impacted. According to the “2015 Cost of Data Breach Study” from the Ponemon Institute, the average organizational cost of a data breach in 2015 was $3.8 million.

If a data breach isn’t bad enough, let me share another scary scenario: Vulnerabilities in your application can actually introduce additional risk to your users’ privacy. These vulnerabilities may allow a malicious attacker to take advantage of the permissions given to your application to gain access to other areas of the phone. One can only imagine the reputational damage that a business will suffer if users’ private details and pictures are leaked out of their phones via an application flaw.

The Wild West of Mobile Application Security

Once you distribute your application through app stores, you’ve literally placed a part of your business in the hands of your consumers. You have allowed everyone to have access to your business. This is not the same as exposing your business via your company’s website, because the website is stored in a centralized and trusted environment protected from unauthorized entities.

This new era allows cybercriminals to more easily get to your application’s code and analyze it to find vulnerabilities, making their work much simpler and increasing the risk to your organization. In fact, according to the “2016 State of Application Security” report, 90 percent of the 126 apps tested had at least two critical security vulnerabilities. This is a frightening statistic that reveals the urgency of mobile application security.
