5 Mega Mobile App Security Myths Debunked
This is the age of the app. As one wag quipped, no matter what you want to do, “There’s an app for that!” And even though relatively few apps achieve star status or lasting user loyalty, they continue to fill up app stores by the wagonload. Instant gratification is easy for mobile device owners. Just download a new app, and tap and swipe to your heart’s content. However, liberty and security are often diametrically opposed. If we can’t have both, we deform reality to try to believe we can. Thus, mobile app security myths like the following are born.
Myth #1 – Public App Stores are 100% Safe
Unfortunately, not even the big-name app stores can make this claim. An IT department that lets users download apps without any checks is asking for trouble, because of two major problems. First, even Apple and Google cannot stop the occasional bad actor from slipping through their controls. Determined hackers will continue to chip away at defenses until they find a flaw. When that one is plugged, they will look for another. Second, apps often ask for more permissions than they need, essentially grooming users for insecure practices later on.
Myth #2 – EMM Will Keep Our Enterprise Safe
EMM (enterprise mobile management) may offer device-level security via remote memory wipes, but will not alert enterprises about suspicious code sitting in those devices. On the other hand, Mi3 Security’s AppInterrogator finds such code fast through binary analysis. AppInterrogator can also work together with EMM platforms, for a robust and systematic security solution.
Myth #3 – Stay Safe by Staying Away from Sites with Bad Intent
Superficially, this sounds like good advice. If you don’t want trouble, stay away from the bad side of town. However, hackers also know how to attack via supposedly safe sites, for example with cross-site scripting. When it comes to mobile app security, only the paranoid survive, or only those performing systematic binary analysis of apps, downloads, and data stored on mobile devices.
Myth #4 – Stay Safe by Only Opening Email from People You Know
Or people you think you know. This myth looks somewhat like the one above, but the difference is that this time, instead of a genuine site, you are dealing with a fake email message. It is easy for attackers to spoof a sender’s address and send a convincing email with a bogus link to an attacker’s download URL. In the hurly-burly of business, users don’t always take the time to scrutinize every email. A message on users’ mobiles from “accounting” for downloading the “new profit sharing scheme app” may have those users tapping in haste and repenting at leisure.
Myth #5 – You Will Know if Your Mobile Device is Infected
Effective malware stays hidden for longer. That way it can siphon off more confidential business and personal data, and collect more user ID and password information. Or it will simply stay hidden until the attacker controlling it decides to use your device as part of a distributed denial of service (DDoS) attack. But even if you can’t see it, the right binary analysis can.
In enterprises across the world, employees are using mobile devices – often their own – to access business systems and data. Information security awareness is an important part of staying safe, so tell employees about these myths, why they are dangerous, and what to do instead. But also, back up any awareness campaign with rapid, frequent binary analysis to spot and eliminate undesirable apps before they can do any damage.