How to Increase Mobile App Security on your Devices
Mobile devices, such as tablets, smartphones, and watches, have become the primary technologies we use in both our personal and professional lives. According to comScore’s 2017 Cross Platform Future in Focus report, the average American adult spends almost three hours on their smartphone every day.
What makes mobile devices so versatile is the multitude of apps at our fingertips. These apps empower us in many ways, from being more productive and instantly communicating and sharing with others, to simply entertaining ourselves.
However, with power comes risk. Here are some steps you can take to increase mobile app security on your devices.
Getting Mobile Apps the Safe Way
The first step in device security is ensuring you download mobile apps from a safe and trusted source. Cyber criminals have become skilled at creating and distributing infected mobile apps that appear to be legitimate.
Download apps from only well-known, trusted sources to reduce the chance of installing an infected app:
- For Apple devices, such as iPads and iPhones, only download mobile apps from the Apple App Store. The advantage is that Apple does a security check of all mobile apps before they are made available. While Apple cannot catch all the infected mobile apps, this managed environment helps to dramatically reduce the risk of installing an infected app.
- Android devices allow you to download a mobile app from anywhere on the internet. However, with this flexibility comes more responsibility. You must be more careful about which mobile apps you download and install as anyone – including cyber criminals – can easily create and distribute malicious mobile apps. Google does maintain a managed app store called Google Play with apps that have passed some basic security checks. As such, we recommend you download your mobile apps for Android devices only from Google Play. As an additional protection, install antivirus on your mobile device when possible.
Regardless of device operating system, an additional step you can take is to avoid apps that are brand new, that few people have downloaded, or that have few positive reviews.
Not only does each app potentially bring new vulnerabilities, but also new privacy issues. Install only the apps you need and use. If you stop using an app, remove it from your mobile device.
Never jailbreak or root your mobile device. Jailbreaking or rooting is the process of hacking into the hardware and installing unapproved apps or changing existing, built-in functionality. Doing so not only bypasses or eliminates many of the security controls, but often also voids warranties and support contracts.
Once you have installed a mobile app from a trusted source, make sure it is safely configured and protecting your privacy. Before allowing a mobile app access, ask yourself, “Do I really want to grant the permission this app is asking for, and does the app really need it?”
For example, some apps use geo-location services. If you allow an app to always know your location, you may be allowing the creator of that app to track your movements, and possibly even allowing the app author to sell that information. If you do not wish to grant the permissions, deny the permission request or shop around for another app that meets your requirements.
Like your computer and mobile device operating system, your apps must be updated to stay current with technology. Criminals are constantly searching for and finding weaknesses in apps so they can develop attacks to exploit them. Mobile app developers generally create and release updates to fix these weaknesses. The more often you check for and install updates, the better.
We recommend setting your devices to update mobile apps automatically when possible. If that is not possible, set a reminder for yourself to check at least every two weeks for updates. When your apps are updated, always verify any new permissions they might require.
Protecting your App Users
On the flip side, if you provide mobile apps, it is in your best interest to make them as secure as possible.
Responsible mobile app providers should follow the OWASP Application Security Verification Standard for development and conduct a penetration test. It’s also a good idea to obtain a third-party mobile app assessment to reveal unknown vulnerabilities.
Sword & Shield Enterprise Security partners with you through our Mobile Application Security Assessment service to empower you to offer secure mobile applications.