Mobile Application Security: Risks and Responsibilities

February 23, 2016

Many experts say mobile devices such as smartphones and tablets will replace the PC. Some think this will take a matter of months; others would say a few years. I would argue that both camps are wrong: I believe it has already happened.

“But wait, Eitan! People are still using their laptops — they use them in their office, for doing homework, and you probably used one to write this blog post.” This is true. Like many others, I still use my laptop for work, writing papers or creating blog posts, but I use it much less than I did just a year ago.

The smartphone actually replaced many of my other products, not just the PC. It became my camera, MP3 player, portable video game console, newspaper — and for some, it even replaced the TV. This is why the idea of mobile first was so easily accepted in the industry and why everyone invests in building mobile apps for their business.

It gives you a lot of power when your application is installed on your consumer’s or employee’s phone, regardless of whether your app is focused on social, financial, e-commerce or even health care. Once you push a message, they will check it; most will even do it within minutes. They take your business everywhere.

With Great Power Comes Great Responsibility

If there is something you can be sure of in this industry, it is that the more successful you get and the more people use your application, the more cybercriminals will try to attack it. When your app gets compromised, your business can be catastrophically impacted. According to the “2015 Cost of Data Breach Study” from the Ponemon Institute, the average organizational cost of a data breach in 2015 was $3.8 million.

If a data breach isn’t bad enough, let me share another scary scenario: Vulnerabilities in your application can actually introduce additional risk to your users’ privacy. These vulnerabilities may allow an attacker to abuse the permissions granted to your application to gain access to other areas of the phone. One can only imagine the reputational damage that a business will suffer if users’ private details and pictures are leaked out of their phones via an application flaw.

The Wild West of Mobile Application Security

Once you distribute your application through app stores, you’ve literally placed a part of your business in the hands of your consumers. You have allowed everyone to have access to your business. This is not the same as exposing your business via your company’s website, because the website is stored in a centralized and trusted environment protected from unauthorized entities.

This new era allows cybercriminals to more easily get to your application’s code and analyze it to find vulnerabilities, making their work much simpler and increasing the risk to your organization. In fact, according to the “2016 State of Application Security” report, 90 percent of the 126 apps tested had at least two critical security vulnerabilities. This is a frightening statistic that reveals the urgency of mobile application security.

Eitan Worcel
Product Manager – AppScan Cloud Services, IBM

Eitan Worcel was an experienced developer with years of experience in the area of Application Security testing who has recently crossed sides from the develo...