Mobile devices are no longer used just to take photos, make calls or send messages, with the advent of ever increasingly more powerful and feature-rich smart phones, mobile solutions like e-wallets open up new avenues such as scanning QR codes to make e-payment, product authentication, e-shopping, fill-up forms etc. Hence, it is paramount for users to ensure that their mobile devices are secure and; to only download and install mobile apps from approved and trusted app stores.

This was what could have happened to an unfortunate 70-year-old retiree. According to media reports published on 13 April 2023. The retiree lost his entire savings after installing a fake Google Play app containing malware. The hacker had transferred S$71,000 of the victim’s savings leaving behind only S$2,000 in his account. On top of that, the hacker had also charged S$6,000 to the victim’s credit card.

This incident demonstrates the importance for mobile application developers to ensure their apps remained secure and has not been compromised by malware. With rapid advancement in technology, even completed, running and verified mobile apps residing in the App Store or Play Store are no longer safe from hackers.

Mobile App Development is not Mobile App Security

Hence, mobile app developers need to remember that mobile app development and mobile app security are relatively distinct areas in the realm of a mobile application lifecycle.

Mobile app development is the process of creating functional apps with planning, designing, coding, testing, and deployment. On the other hand, mobile app security focuses on implementing measures to safeguard the app against unauthorized access, breaches, and attacks with secure coding, authentication, encryption, and vulnerability testing.

Essentially, mobile app development helps to provide a user-friendly experience while mobile security ensures a safe and secure experience.

According to Statista, the number of mobile app downloads has increased from 140 billion from 2016 to 255 billion in 2022. There has also been an 80% increase in app downloads between 2016 to 2022. This could potentially be attributed to the COVID-19 pandemic which had further heightened the growth of apps usage.

Mobile devices are a lucrative target for hackers as it has many points of entry with mobile applications being one of them. On top of that, hackers can also collect personal and financial details from mobile devices.

Mobile App Security

That is why mobile app security is key to keeping both businesses’ and end users’ data and monies safe. Organisations are encouraged to run security testing of their mobile applications before publishing them onto app stores as well as mobile devices to identify potential vulnerabilities.

With i-Sprint’s YESsafe AppProtect+ Solution, organisations can protect themselves and their customers from potential malicious attacks by hackers. The YESsafe AppProtect+ Solution performs Mobile Security App Validation to assess the security controls of mobile devices and applications. From penetration testing to threat modelling, YESsafe AppProtect+ helps to identify potential security vulnerabilities that may put users’ data and privacy at risk.

Below is a list of validation tests that i-Sprint conducts to test against the mobile devices:

Penetration TestingSimulating real-world attacks to identify vulnerabilities and gain unauthorized access.
Vulnerability Scanning  Automated scanning for known security vulnerabilities using predefined rules and patterns.
Threat ModellingSystematically identifying potential threats and vulnerabilities during design and development phases.
Secure Code ReviewManual inspection of source code for coding errors and security vulnerabilities.
Compliance TestingVerifying adherence to relevant security standards, regulations, and industry best practices.
Social Engineering TestingTesting susceptibility to social engineering attacks such as phishing or pretexting.
Periodic TestingConducting mobile security validation testing after updating the phone’s operating system to identify and address security gaps.

Periodic mobile security validation testing, after updates or changes, is crucial to ensure effective security measures, address vulnerabilities, and maintain reliability against evolving threats to protect the app and its users.

i-Sprint and Mobile Security

With the deep understanding about the importance of mobile apps security, i-Sprint has integrated a series of Mobile Apps Validation Testing as well as Mobile Apps Security protection into its YESsafe AppProtect+ solution.

Validation Testing

Category of Mobile Apps Security TestingTypes of Mobile Apps Security Testing
Apps Security TestRepacking Attacks, Code-Injection Attacks, StrandHogg Attacks
Environment Security TestEmulator & Debugger Attacks, User Screenshot & Tasks Screenshot Attacks
Input Security TestUntrusted Keyboard and Screen-Reader Attacks
Device Security TestRooting Attacks

YESsafe AppProtect+

In a nutshell, YESsafe AppProtect+ helps to secure mobile apps in the various ways below:

Protect against compromiseDetect attack at runtimeCounter Attack
Code obfuscationJailbreak / Root detectionConfigurable actions

·  Shutdown (Exit / Fail)

·  Redirect user to specific URL

App binding / Code injection preventationRepackaging detectionCustom reactions

· Data gathering at server side

· Alert / Reporting

· Risk based contextual authentication

Resource verificationEnsure app is running in safe environment

· Debugger detection

· Jailbreak / Root detection

· Emulator detection

Store data encrypted inside the appEnsure App is not altered / tempered at runtime

· Screen detection

· Keylogger detection

· Screen mirroring detection

· Accessibility apps detection

Binding the data to be encrypted to the device

Once the new YESsafe AppProtect+ security shield is applied, it uses Runtime App Self-Protection (RASP) technology to detect and counter attacks even in the absence of an internet connection.

As more users shift from computer to mobile to search for information and services, we see an obvious growing trend in mobile attacks. Businesses are being put at risk for regulatory compliance violations, stolen user data, and more importantly, loss of user trust, bringing irreparable damage to brand reputation.

YESsafe AppProtect+ stays abreast with the ever-evolving malware attacks, is continuously being updated to keep abreast with evolving new threats.

Find out more about YESsafe App Protect+ when you speak to a specialist today.


FormCraft - WordPress form builder