Mobile Applications Security Problems as a Result of Insufficient Attention of Developers

In the second half of 2017, developers uploaded about 2800 applications to Google Play every day. Each of these applications contains a certain amount of data that is stored or transmitted via cellular and Wi-Fi networks.

Mobile application data is an obvious key target for attackers: they not only steal data but also manipulate it in their own interests. This involves a range of problems, such as fake and alternative (often unreliable) applications, malware, data leakage, poorly protected data or data protection errors, and a variety of tools for accessing and decrypting data.

There are many different opinions about the impact a developer has on security.

  1. The developer does not always respond promptly to security reports that point out shortcomings in applications.
  2. The developer has done everything in his power to ensure security, so any problems that arise are caused by the user. This can continue until the situation is publicized, often with the involvement of journalists.
  3. It's time to put an end to blaming developers for all the security sins. In other words, developers are not the only ones involved in creating an application or product. There are also testers and product managers. Each of them performs a role, and together those roles make it possible to ensure the overall security of the developed product. This opinion was published in an article about a year ago. The idea of splitting responsibilities according to roles was repeated several times throughout that article and was complemented by the conclusion that security problems always occur when someone develops a prototype to the level of a commercially successful product. Yet the split of functions implies a division of responsibilities. Sad but the claims regarding the security of the

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by David Balaban. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/7bRfjDr9E1w/