Mobile App Threats to Your Organization at the Code

In today’s computing environment, we have moved beyond the desktop and wired environment and into the mobile world. Our mobile devices are true computing platforms with their own operating systems and resources; yet we don’t often think about the computer we are carrying in our pocket. How safe are the applications we use? How secure is the data being stored and managed by those applications? And ultimately, how vulnerable is our data should we lose one of these mobile computing systems?

The distribution platforms for our mobile devices are teeming with apps that make us productive on the move. In the rush to capitalize on the rapidly growing mobile app space, publishers are adopting technologies whose pitfalls they do not always know. Their development resources are also heavily drained, because the complexity of these apps, coupled with the diversity of mobile computing technologies, increases the risk of these apps exponentially.

Mobile app publishers have outsourced development both domestically and overseas; as a result, apps are often being developed by personnel whom the publisher cannot meet or screen directly. Yet there is a valuable wealth of information accessible to these apps; it often includes location information obtained from GPS and wireless networks, information residing within the photos and camera apps, as well as the data within apps for email and text messaging.

Some mobile computing vendors, such as Apple, dutifully examine an app’s code prior to its inclusion in their app stores. But this is not enough; the difference is one of perspective. Vendors like Apple examine apps for threats to their operating system, while our examination focuses on threats to your business and the business data managed by the app. Our examination protects you and your business.

You must disarm the threats discussed in this article by conducting deep code inspections. The proven process examines your software code at the compiled and source-code levels. (The compiled code is distributed for download and installation, whereas “source code” refers to the script of commands used by the app to perform operations, provide an interface, and manage data.) The vetted solution leverages both automated and manual code inspection techniques to examine your code before and during execution. This is how you determine what risks you incur, and when, how, where, and why they are happening.

Authored by my team of cybersecurity leaders.
