Data security today remains one of the most discussed topics for developers, employees and IT security managers. According to us, this issue is the most burning for 60% of top managers of large companies.
How to secure data in mobile applications
The rise in popularity of mobile applications over the past few years is due to the fact that sophisticated technologies have become more adapted to the average user and daily use of applications has become commonplace for a third of Russians.
According to a Comscore report , the number of mobile users surpassed the number of PC users in 2014.
The need to secure mobile apps increased due to the widespread use of mobile apps in all areas of electronic services, including financial, banking, storage and the transfer of personal data and a parallel increase in the number of Internet fraudsters. Consulting company Gartner predicts that during 2017, 268 billion downloads will generate 77 billion dollars in revenue.
Arguments and Facts
Company NowSecure (previously Viaforensics) conducted a unique study to assess the security of mobile applications, which gave unexpected results. The company’s analysts randomly selected 30 popular mobile applications and subjected them to rigorous reliability testing. About a quarter of the stated data protection systems were opened by hacking and called unsafe.
Also, with the help of external influence, the specialists got stored pin-codes and credit card numbers from the device’s memory. Moreover, in some cases it was even possible to provide unauthorized access to the payment history. The names of mobile applications have not been announced to preserve the image of companies.
The results of this and other studies in the field of data security revealed the main types of problems in existing security systems of mobile applications:
- Network related to communication with the server. Problems of this type appear when data is transmitted over weakly protected channels.
- The problem of data storage. Data is stored in clear text, for example, on an SD card, or it is not encrypted; this leads to the possibility of access to information from outside.
- The impact of third-party applications. There is a high probability of unauthorized access to the application, performance of any actions on behalf of the user, or even data theft.
Native Technology Solution
Every year the number of methods for hacking into mobile application security systems is growing, but at the same time the resistance force becomes stronger. Today, developers use various methods of information protection.
For example, Natah Technologies specialists pay great attention to the issue of data security of their applications. To protect data, they use the following security measures:
- Protected data transfer channel to the server;
- Special libraries for using SQL queries, which eliminates the likelihood of being inserted into SQL code from outside;
- Data encryption;
- Microsoft Azure enterprise-class highly scalable, resilient cloud computing platform . Microsoft Azure Multi-Factor Authentication provides an additional authentication step in addition to user credentials.