There is much hype about the recent WannaCry ransomware attack. Individuals, enterprises, and established brands such as Nissan: nobody has escaped the grip of attackers who have hit over 200,000 devices in 150 countries to date. To make matters worse, Gartner reports that over 81% of smartphone users run Android, which makes their devices all the more appetizing targets for those seeking a ransom.
With such a baleful picture of the cyber world, a sword of Damocles hangs permanently over the heads of Android app developers. After all, a breach does not just steal users' information; it also costs the enterprise its reputation. Instead of providing a good service to its users, the app ends up as a useful tool that helps attackers lift users' information from their devices. Of course, not every attack is under our control; however, a joint study by the Ponemon Institute and IBM shows that 40-50% of attacks are caused by human error and can therefore be prevented if companies take the essential measures to build security into their apps.
Whether you are an independent app developer or an IT head, here is a list of the risks that leading cross-platform mobile development companies believe your users might come across, and the measures you can take to overcome them.
1. Open Port Functionality
Borrowed from traditional computers, this functionality gives attackers an opportunity to reach millions of Android devices in one go. Some Android apps turn the smartphone into a server, for instance so that users can reach their PCs through their phones. What users may not realize is that this leaves ports open on the smartphone, allowing cyber thieves to steal their information and even install malware. A University of Michigan study found 1,632 apps on the Google Play store that open such ports and are exposed to this risk.
One thing is sure: this vulnerability cannot be fixed at the users' end, and it cannot be fixed by Google either, because it lives in the app's own code. So the development team needs to make sure that this risk is under control before the app is launched on the app store.
How to Fix
Open a listening port only when the feature genuinely needs one, and never leave it open while it is not in use. If the service only needs to talk to other components on the same device, bind it to the loopback interface (127.0.0.1) rather than to all interfaces, and authenticate every connection before acting on it, because anything else on the Wi-Fi network (and any other app on the phone) can reach an open TCP port. Close every port the app does not need. And if employees use their own devices (BYOD) to reach company systems, make sure those devices adhere to strict software standards.
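The following is an added example (not code from the article) of what "use the ports correctly" looks like in plain Java, which is also what an Android app would write with java.net: the server socket is bound to the loopback address only, every connection must present a random per-launch token before it is served, and a pre-release check refuses to start if the socket ever ends up on a wildcard address. The class name, the line-based token protocol and the 32-byte token are assumptions; on Android, a bound Service or android.net.LocalServerSocket avoids TCP altogether and is preferable when only same-device clients exist.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Loopback-only service with a per-launch bearer token (added example, not from the article). */
public final class LoopbackService implements Runnable {
    private final ServerSocket server;
    private final byte[] token;   // random secret the UI hands to the legitimate local client

    public LoopbackService() throws Exception {
        // Bind to 127.0.0.1 only. new ServerSocket(port) binds 0.0.0.0, which is reachable
        // from the Wi-Fi network and from every other app on the phone.
        this.server = new ServerSocket(0, 16, InetAddress.getLoopbackAddress());
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        this.token = Base64.getEncoder().encode(raw);
    }

    public int port() { return server.getLocalPort(); }
    public String token() { return new String(token, StandardCharsets.US_ASCII); }

    @Override public void run() {
        while (!server.isClosed()) {
            try (Socket client = server.accept()) {
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(client.getInputStream(), StandardCharsets.US_ASCII));
                String line = in.readLine();
                byte[] presented = line == null ? new byte[0] : line.getBytes(StandardCharsets.US_ASCII);
                // Constant-time compare so a caller cannot brute-force the token byte by byte.
                if (!MessageDigest.isEqual(presented, token)) {
                    client.getOutputStream().write("401 unauthorized\n".getBytes(StandardCharsets.US_ASCII));
                    continue;   // try-with-resources closes the rejected socket
                }
                client.getOutputStream().write("200 ok\n".getBytes(StandardCharsets.US_ASCII));
                // ... serve the authenticated request here ...
            } catch (Exception e) {
                if (server.isClosed()) return;   // normal shutdown
            }
        }
    }

    /** Pre-release check: refuse to run if the socket is bound to 0.0.0.0 or :: (reachable from the network). */
    public static void assertNotExposed(ServerSocket s) {
        InetAddress a = s.getInetAddress();
        if (a == null || a.isAnyLocalAddress()) {
            throw new IllegalStateException("server socket is reachable from the network: " + a);
        }
    }

    public static void main(String[] args) throws Exception {
        LoopbackService svc = new LoopbackService();
        assertNotExposed(svc.server);
        new Thread(svc).start();
        // Local client presenting the correct token: prints "200 ok".
        try (Socket c = new Socket(InetAddress.getLoopbackAddress(), svc.port())) {
            c.getOutputStream().write((svc.token() + "\n").getBytes(StandardCharsets.US_ASCII));
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(c.getInputStream(), StandardCharsets.US_ASCII));
            System.out.println(in.readLine());
        }
        svc.server.close();
    }
}
```

Run it with `javac LoopbackService.java && java LoopbackService`; a connection from another host, or a local client without the token, gets `401 unauthorized` and is dropped. The point of `assertNotExposed` is that it catches the classic regression where someone later replaces the three-argument `ServerSocket` constructor with `new ServerSocket(port)` and silently opens the service to the network.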
2. Extensive Permissions
Android sandboxes every app from every other, so an app cannot touch data or hardware outside its own sandbox unless it is granted access. Apps downloaded from Google Play therefore request specific permissions to access features of the user's device, such as the camera and contacts. However, this also gives attackers an opportunity to steal users' information through malicious apps that request, and are granted, far more than they need. Check Point, a leading Israel-based cyber security company, indicated in its research that nearly 45% of Android devices are currently exposed to this risk.
How to Fix
Though there is some buzz that Android's upcoming version, Android O, will ship built-in protection against this threat, until then development teams must request the smallest set of permissions their app genuinely needs, and ask for each one at the moment the feature is used rather than at installation. This significantly reduces the attack surface that malware on the user's device can exploit.
Additionally, developers should tell users to download only the official app and not to install other apps published under the same name, even if they appear on Google Play.
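"Request the minimum set of permissions" is easy to state and easy to regress, as every new feature branch adds a `<uses-permission>` line. The following is an added example (not the article's code) of a build-time gate for that rule: a small JVM program that parses AndroidManifest.xml and fails the build if it requests any permission outside an approved list. The allow-list, the package name and the sample manifest embedded in `main` are constructed for the example; the real manifest would be read from the project.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Fails the build when the manifest requests permissions the app has no documented need for. */
public final class PermissionAudit {
    private static final String ANDROID_NS = "http://schemas.android.com/apk/res/android";

    /** Hypothetical allow-list for a barcode-scanner app: network access and the camera, nothing else. */
    static final Set<String> ALLOWED = Set.of(
            "android.permission.INTERNET",
            "android.permission.CAMERA");

    /** Returns every <uses-permission android:name="..."> that is not on the allow-list. */
    public static List<String> unexpectedPermissions(String manifestXml, Set<String> allowed) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);   // needed so android:name resolves under ANDROID_NS
        // The manifest is trusted input, but refusing DOCTYPEs (no entity expansion) costs nothing.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(manifestXml.getBytes(StandardCharsets.UTF_8)));
        NodeList nodes = doc.getElementsByTagName("uses-permission");
        List<String> unexpected = new ArrayList<>();
        for (int i = 0; i < nodes.getLength(); i++) {
            Element e = (Element) nodes.item(i);
            String name = e.getAttributeNS(ANDROID_NS, "name");
            if (!allowed.contains(name)) unexpected.add(name);
        }
        return unexpected;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample manifest: READ_CONTACTS and READ_SMS have no business in a scanner app.
        String manifest = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
                + "<manifest xmlns:android=\"http://schemas.android.com/apk/res/android\""
                + " package=\"com.example.scanner\">\n"
                + "  <uses-permission android:name=\"android.permission.INTERNET\"/>\n"
                + "  <uses-permission android:name=\"android.permission.CAMERA\"/>\n"
                + "  <uses-permission android:name=\"android.permission.READ_CONTACTS\"/>\n"
                + "  <uses-permission android:name=\"android.permission.READ_SMS\"/>\n"
                + "</manifest>\n";
        List<String> extra = unexpectedPermissions(manifest, ALLOWED);
        if (!extra.isEmpty()) {
            System.err.println("Manifest requests permissions outside the approved set: " + extra);
            System.exit(1);   // non-zero exit fails the release pipeline
        }
        System.out.println("manifest permissions OK");
    }
}
```

Wire it into the release build so that adding a permission requires a deliberate, reviewed change to the allow-list. The check complements, rather than replaces, requesting dangerous permissions at runtime: a permission that is never declared in the manifest can never be granted, which is the strongest form of minimization.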
3. Weak Cryptography Algorithms
Another cyber security firm, FireEye, found that over 62% of the free apps on Google Play live under the shadow of weak cryptography that attackers can exploit, for instance by breaking into the app's SSL/TLS connections and making off with the data on a device. Flawed cryptography has two main causes: using a weak algorithm, and using a strong algorithm in the wrong way.
How to Fix
App developers cannot fix Android's full-disk encryption themselves; what they control is how their own app uses cryptography. Use the platform's vetted implementations rather than home-grown code, choose a strong authenticated mode (AES-GCM rather than ECB), generate keys and IVs from a secure random source, and manage keys properly: keep them in the Android Keystore where possible and never hard-code them in the APK. Where data must be protected by a user password, use proper password-based encryption, that is, derive the key with a slow, salted key-derivation function such as PBKDF2 rather than by hashing the password once.
4. Insecure Server Configurations
Many project managers ignore this aspect, assuming that the mobile operating system, or the app store, takes care of security on the server side. This is one of the biggest causes of server-side attacks on Android apps. An attacker who can intercept or impersonate a misconfigured backend gets complete access to whatever device data the app sends to it.
How to Fix
Developers must make sure that the app only talks to servers presenting a valid SSL/TLS certificate that chains to a trusted root CA, and that the app actually verifies that certificate, hostname included, instead of accepting whatever it is shown. Running an SSL cipher scan against the backend before launch, and disabling the weak protocols and cipher suites it reveals, reduces the app's exposure considerably. Finally, the app should never load code from outside its own APK, since such code runs with all of the app's permissions.
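The pre-launch cipher scan mentioned above can be done with nothing more than the JDK, as in the following added example (not code from the article): for every cipher suite the client knows, it attempts one TLS 1.2 handshake restricted to that suite, with certificate-chain and hostname verification switched on exactly as the app should have them, and then flags any suite the server accepted whose name marks it as weak. The host and port are taken from the command line (the `api.example.com` default is a placeholder), so this one needs a reachable TLS endpoint rather than running fully offline; the `WEAK` pattern is the author's assumption about what a mobile backend should never negotiate.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/** Per-suite TLS handshake scanner for a backend (added example, not from the article). */
public final class CipherScan {
    /** Suite-name fragments a mobile backend should never negotiate (assumed policy). */
    static final Pattern WEAK =
            Pattern.compile("NULL|anon|EXPORT|RC4|DES|MD5|PSK|KRB5", Pattern.CASE_INSENSITIVE);

    /** Handshakes once per supported suite and returns the ones the server accepted. */
    public static List<String> acceptedSuites(String host, int port, String[] protocols) throws Exception {
        SSLSocketFactory f = SSLContext.getDefault().getSocketFactory();
        List<String> accepted = new ArrayList<>();
        for (String suite : f.getSupportedCipherSuites()) {
            try (SSLSocket s = (SSLSocket) f.createSocket(host, port)) {
                s.setSoTimeout(5_000);
                s.setEnabledProtocols(protocols);
                s.setEnabledCipherSuites(new String[]{suite});   // offer exactly one suite
                // Verify the certificate chain AND the hostname, exactly as the app must.
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS");
                s.setSSLParameters(p);
                s.startHandshake();
                accepted.add(s.getSession().getCipherSuite());
            } catch (Exception e) {
                // Refused: the server does not offer this suite with these protocols (or the
                // certificate failed validation, which the scan would then report for every suite).
            }
        }
        return accepted;
    }

    /** Filters the accepted list down to the suites that violate the policy. */
    public static List<String> weakSuites(List<String> suites) {
        List<String> weak = new ArrayList<>();
        for (String s : suites) {
            if (WEAK.matcher(s).find()) weak.add(s);
        }
        return weak;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "api.example.com";   // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        List<String> accepted = acceptedSuites(host, port, new String[]{"TLSv1.2"});
        List<String> weak = weakSuites(accepted);
        System.out.println("accepted: " + accepted);
        System.out.println("weak:     " + weak);
        if (!weak.isEmpty()) System.exit(1);   // block the release until the server is fixed
    }
}
```

Run it a second time with `new String[]{"TLSv1"}` to confirm the server refuses the legacy protocol outright (an empty accepted list is the desired result). The scan only covers suites the scanning JVM supports, so it is a release gate rather than a substitute for a dedicated scanner such as testssl.sh; and if every handshake fails, check the certificate first, because an untrusted chain or a hostname mismatch makes the loop reject every suite.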
With more nations going cashless and digital, it is high time that business owners and project managers paid ample attention to the security structure of their apps too, especially those built on Android.
If you are an Android app developer, following the measures above will go a long way toward keeping your app away from the prying eyes of hackers.