Mobile devices are no longer used just to take photos, make calls or send messages, with the advent of ever increasingly more powerful and feature-rich smart phones, mobile solutions like e-wallets open up new avenues such as scanning QR codes to make e-payment, product authentication, e-shopping, fill-up forms etc. Hence, it is paramount for users to ensure that their mobile devices are secure and; to only download and install mobile apps from approved and trusted app stores.
This was what could have happened to an unfortunate 70-year-old retiree. According to media reports published on 13 April 2023. The retiree lost his entire savings after installing a fake Google Play app containing malware. The hacker had transferred S$71,000 of the victim’s savings leaving behind only S$2,000 in his account. On top of that, the hacker had also charged S$6,000 to the victim’s credit card.
This incident demonstrates the importance for mobile application developers to ensure their apps remained secure and has not been compromised by malware. With rapid advancement in technology, even completed, running and verified mobile apps residing in the App Store or Play Store are no longer safe from hackers.
Mobile App Development is not Mobile App Security
Hence, mobile app developers need to remember that mobile app development and mobile app security are relatively distinct areas in the realm of a mobile application lifecycle.
Mobile app development is the process of creating functional apps with planning, designing, coding, testing, and deployment. On the other hand, mobile app security focuses on implementing measures to safeguard the app against unauthorized access, breaches, and attacks with secure coding, authentication, encryption, and vulnerability testing.
Essentially, mobile app development helps to provide a user-friendly experience while mobile security ensures a safe and secure experience.
According to Statista, the number of mobile app downloads has increased from 140 billion from 2016 to 255 billion in 2022. There has also been an 80% increase in app downloads between 2016 to 2022. This could potentially be attributed to the COVID-19 pandemic which had further heightened the growth of apps usage.
Mobile devices are a lucrative target for hackers as it has many points of entry with mobile applications being one of them. On top of that, hackers can also collect personal and financial details from mobile devices.
Mobile App Security
That is why mobile app security is key to keeping both businesses’ and end users’ data and monies safe. Organisations are encouraged to run security testing of their mobile applications before publishing them onto app stores as well as mobile devices to identify potential vulnerabilities.
With i-Sprint’s YESsafe AppProtect+ Solution, organisations can protect themselves and their customers from potential malicious attacks by hackers. The YESsafe AppProtect+ Solution performs Mobile Security App Validation to assess the security controls of mobile devices and applications. From penetration testing to threat modelling, YESsafe AppProtect+ helps to identify potential security vulnerabilities that may put users’ data and privacy at risk.
Below is a list of validation tests that i-Sprint conducts to test against the mobile devices:
|Penetration Testing||Simulating real-world attacks to identify vulnerabilities and gain unauthorized access.|
|Vulnerability Scanning ||Automated scanning for known security vulnerabilities using predefined rules and patterns.|
|Threat Modelling||Systematically identifying potential threats and vulnerabilities during design and development phases.|
|Secure Code Review||Manual inspection of source code for coding errors and security vulnerabilities.|
|Compliance Testing||Verifying adherence to relevant security standards, regulations, and industry best practices.|
|Social Engineering Testing||Testing susceptibility to social engineering attacks such as phishing or pretexting.|
|Periodic Testing||Conducting mobile security validation testing after updating the phone’s operating system to identify and address security gaps.|
Periodic mobile security validation testing, after updates or changes, is crucial to ensure effective security measures, address vulnerabilities, and maintain reliability against evolving threats to protect the app and its users.