{"id":383,"date":"2015-06-30T15:15:15","date_gmt":"2015-06-30T19:15:15","guid":{"rendered":"http:\/\/turinasbird.com\/?p=383"},"modified":"2015-08-04T09:14:47","modified_gmt":"2015-08-04T13:14:47","slug":"app-developers-beware","status":"publish","type":"post","link":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware","title":{"rendered":"App Developers Beware!"},"content":{"rendered":"
App developers beware. Hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems. According to the CYREN 2015 Cyber Report, 1,076,390 new pieces of Android malware were identified in Q1 of 2015 as compared to 790,000 in Q4 of 2014, a 36% increase. So, if your business model involves an app and you don\u2019t want to be the cause of tomorrow\u2019s front-page data breach story, it\u2019s time to start taking security seriously. Here are some of the things we advise our clients to consider when developing and maintaining their app:<\/p>\n

Think About Verification<\/u><\/p>\n

Chances are, someone using your app will lose their phone or have it stolen. The odds are also good that one of those phones will not be password protected, which makes it a potential goldmine for the would-be hacker. Your app may be the last line of defense. What kind of authentication procedures will you have to prevent unauthorized access? Are strong passwords required? Is two-factor authentication in place? How will failed logins and lost passwords be handled? Will you be able to weave in even newer technologies, such as coding the app to block access from jailbroken phones? These are just some of the questions to think about and discuss with your developer before coding begins.<\/p>\n

Remember to Plan Storage and Encryption<\/u><\/p>\n

The storage of unencrypted data on a mobile device should be avoided whenever possible. If local storage is absolutely necessary, make sure data is properly encrypted. Data in transit should be encrypted as well. Apps that allow the transmission of unencrypted or weakly encrypted data create additional vulnerabilities to attack.<\/p>\n

Secure Coding Should be Top of Mind<\/u><\/p>\n

Make sure your developers are security minded. They should be consciously thinking about their coding and testing it along the way in order to ensure your app doesn\u2019t contain vulnerabilities that can be exploited once you are up and running.<\/p>\n

Threat Modeling: Think Like a Hacker<\/u><\/p>\n

Threat modeling is a process of assessing and documenting a system’s security risks. The goal is to examine your app\u2019s security protocols through the eyes of your potential foe. Ideally, if this process is done carefully, your app\u2019s weaknesses will be identified and appropriate security safeguards can be built in before anyone has time to capitalize on design weaknesses.<\/p>\n

Penetration Testing as an Additional Safeguard<\/u><\/p>\n

Penetration testing is a process of testing your applications for vulnerabilities in order to understand what a hacker could do to harm an application. An effective penetration test will usually involve a skilled hacker, or team of hackers. Is this something worth considering for your enterprise?<\/p>\n

Bug Bounties: A More Cost Effective Alternative?<\/u><\/p>\n

While penetration testing is a good practice, it can be expensive. An alternative may be to set up a bug bounty program, offering a monetary reward for finding software bugs and reporting them to you. Bug bounties have become very popular in recent years and have been adopted by the likes of PayPal, AT&T, Google, and Tesla. Most companies offer bounties on a sliding scale based on the size of the organization and how much user impact a bug might have. On the upper end, Facebook recently reported that it had 17,011 bug bounty submissions and has paid out more than $3 million since its program was started in 2011. The downside of a bug bounty? If not adequately staffed, your company could be overwhelmed with bug bounty submissions, especially if the app contains an excessive number of bugs. Filtering through duplicate and invalid submissions can be a time-consuming activity as well.<\/p>\n

Patch Management\/Open Source Awareness<\/u><\/p>\n

Once your app is up and running and the initial bugs have been screened out, your work has just begun. Software needs to be regularly monitored and updated to ensure vulnerabilities are addressed. Don\u2019t forget, even if your software is proprietary, chances are there is open source embedded within your product. Make sure someone is aware of what\u2019s there and that you have a means of keeping up with updates and patches.<\/p>\n

Final Thoughts<\/u><\/p>\n

Unfortunately, in today\u2019s security breach era, mobile apps are no longer immune. Your mobile app should be seen as an extension of desktop software. It should be afforded the same level of attention when it comes to security testing.<\/p>\n","protected":false},"excerpt":{"rendered":"

App developers beware. Hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems. According to the CYREN 2015 Cyber Report, 1,076,390 new android malware were identified in Q1 of 2015 as compared to 790,000 in Q4 of 2014-a 36% increase. So, if your business model involves […]<\/p>\n","protected":false},"author":4,"featured_media":387,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[37,36,11,35],"yoast_head":"\nApp Developers Be Ware! | Turinas & Bird<\/title>\n<meta name=\"description\" content=\"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"App Developers Be Ware! 
| Turinas & Bird\" \/>\n<meta property=\"og:description\" content=\"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware\" \/>\n<meta property=\"og:site_name\" content=\"Turinas & Bird, LLC\" \/>\n<meta property=\"article:published_time\" content=\"2015-06-30T19:15:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-08-04T13:14:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/turinasbird.com\/wp-content\/uploads\/2015\/06\/mobile-app-developers-beware1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Alison Bird\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alison Bird\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware\",\"url\":\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware\",\"name\":\"App Developers Be Ware! 
| Turinas & Bird\",\"isPartOf\":{\"@id\":\"https:\/\/turinasbird.com\/#website\"},\"datePublished\":\"2015-06-30T19:15:15+00:00\",\"dateModified\":\"2015-08-04T13:14:47+00:00\",\"author\":{\"@id\":\"https:\/\/turinasbird.com\/#\/schema\/person\/7319da0a0d93fb913f7c3729b959f432\"},\"description\":\"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.\",\"breadcrumb\":{\"@id\":\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/turinasbird.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"App Developers Beware!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/turinasbird.com\/#website\",\"url\":\"https:\/\/turinasbird.com\/\",\"name\":\"Turinas & Bird, LLC\",\"description\":\"Strategic Counsel for Cloud Based Technology Companies & Expansion\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/turinasbird.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/turinasbird.com\/#\/schema\/person\/7319da0a0d93fb913f7c3729b959f432\",\"name\":\"Alison 
Bird\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/turinasbird.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e694b8ce3302a2e9cc58df65808e9c34?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e694b8ce3302a2e9cc58df65808e9c34?s=96&d=mm&r=g\",\"caption\":\"Alison Bird\"},\"url\":\"https:\/\/turinasbird.com\/author\/alison-bird\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"App Developers Be Ware! | Turinas & Bird","description":"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware","og_locale":"en_US","og_type":"article","og_title":"App Developers Be Ware! | Turinas & Bird","og_description":"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.","og_url":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware","og_site_name":"Turinas & Bird, LLC","article_published_time":"2015-06-30T19:15:15+00:00","article_modified_time":"2015-08-04T13:14:47+00:00","og_image":[{"width":500,"height":400,"url":"https:\/\/turinasbird.com\/wp-content\/uploads\/2015\/06\/mobile-app-developers-beware1.jpg","type":"image\/jpeg"}],"author":"Alison Bird","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Alison Bird","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware","url":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware","name":"App Developers Be Ware! | Turinas & Bird","isPartOf":{"@id":"https:\/\/turinasbird.com\/#website"},"datePublished":"2015-06-30T19:15:15+00:00","dateModified":"2015-08-04T13:14:47+00:00","author":{"@id":"https:\/\/turinasbird.com\/#\/schema\/person\/7319da0a0d93fb913f7c3729b959f432"},"description":"App developers beware that hackers now know that apps lacking robust security controls can be the back door to PCs and enterprise systems.","breadcrumb":{"@id":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/turinasbird.com\/2015\/06\/30\/data-security\/app-developers-beware#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/turinasbird.com\/"},{"@type":"ListItem","position":2,"name":"App Developers Beware!"}]},{"@type":"WebSite","@id":"https:\/\/turinasbird.com\/#website","url":"https:\/\/turinasbird.com\/","name":"Turinas & Bird, LLC","description":"Strategic Counsel for Cloud Based Technology Companies & Expansion","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/turinasbird.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/turinasbird.com\/#\/schema\/person\/7319da0a0d93fb913f7c3729b959f432","name":"Alison 
Bird","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/turinasbird.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e694b8ce3302a2e9cc58df65808e9c34?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e694b8ce3302a2e9cc58df65808e9c34?s=96&d=mm&r=g","caption":"Alison Bird"},"url":"https:\/\/turinasbird.com\/author\/alison-bird"}]}},"_links":{"self":[{"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/posts\/383"}],"collection":[{"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/comments?post=383"}],"version-history":[{"count":0,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/posts\/383\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/media\/387"}],"wp:attachment":[{"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/media?parent=383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/categories?post=383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/turinasbird.com\/wp-json\/wp\/v2\/tags?post=383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}