Recently, the event industry has taken notice of security within mobile apps, prompted by an article about the RSA Conference mobile app built by Quick Mobile: “Security researchers from IOActive have decided to take a look at the app to see just how secure it is. In a short amount of time, they identified a total of six flaws.” The article notes two issues that are really concerning:
“The most severe of them can be exploited for man-in-the-middle (MitM) attacks. An attacker could inject a phishing page into the login sequence to trick users into handing over their credentials.”[1] And: “The information in the app is retrieved from an SQLite database file that’s downloaded to the smartphone. This file contains the information of every user who has signed up for the RSA Conference 2014 app, including full name, company and title.”
The suit was later dismissed, but it started a very important dialogue about user data. We all need to be concerned about what information is being collected, and how it is being used, inside the mobile apps we use daily.
First, let me say that NO ONE’s mobile app is ever going to be completely, 100% secure! If the FBI, the CIA, Bitcoin banks (recently), credit card companies, Target, and other highly secured websites and domains can be hacked, then no matter what we do we will not stop attackers completely. If a hacker wants to break in, they will have ample time to do so, and they will figure out how to breach a mobile app. There is a fine line here, because if we make the app too secure it creates a barrier to entry and usage. The added complexity can also significantly increase app support requests when users can’t get into the app. This can lead to low download numbers, lack of usage, a drop in sponsorships, and the wonderful experience you were expecting to get out of your mobile app goes away!
My father always told me to make sure I locked up my bike at night when I was done riding it. He used to say it was not to keep a thief from stealing it, but so they would go to the next rack where a bike was not locked, because it was a lot easier to steal that one than the one that was locked!