Maintaining Mobile App Security is Essential

Over the last couple of weeks, the issue of cybersecurity once again grabbed headlines when ransomware called WannaCry infected 230,000 computers in over 150 countries, bringing large and small organisations to their knees. While GO-JEK itself wasn’t vulnerable to WannaCry (WannaCry attacks Windows systems and we don't have a Windows environment), it does serve as an example of how hackers exploit vulnerabilities.

Even more recently, there was news of over 36.5 million Android users being infected by 'Judy' malware, which should certainly ring some alarm bells for Android users. In terms of security, iPhones are probably more secure, given that there have been no real ransomware attacks on iOS. According to an HP Research Report released in July last year, however, nine out of 10 mobile apps have vulnerabilities that could pose a security threat. What makes this even more problematic is that about 97 percent of the mobile apps tested access some form of private information on the phone.

Additionally, the popularity of mobile apps has gone through the roof! Gartner has predicted that by 2017, mobile apps will be downloaded more than 268 billion times, generating revenue of more than $77bn, making apps one of the most popular computing tools for users across the globe.

Needless to say, app security is a top area of concern for developers and end users alike. As the threat landscape is extremely dynamic, app security can never be considered fool-proof. Having said that, there are a few common-sense measures that everyone must deploy to limit exposure to app malware attacks. These are:

Secure data on the server side

Because every app is connected to the API on the server side, ensuring that the API is secure is extremely important. Since most of the information is saved on the server, ensuring a secure API can protect the information even if there is ransomware or malware on the device side.

Regular security testing

It is important to test the apps, the APIs and the infrastructure at regular intervals. Checking for flaws in local/device storage, revisiting the configuration and checking whether any sensitive information, such as credentials, is stored in the app are all good practices.
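As an added illustration of the credential check described above (example code written for this page, not GO-JEK's own tooling), the following Python sketch scans the text files of an unpacked app for hardcoded credentials and reports only their location. The rule set, file names and sample values are constructed assumptions, and the rules are far from exhaustive.

```python
import re

# Illustrative rules for credentials left in app files (not exhaustive).
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # key = "value" or "key": "value" in source, JSON or properties-style files
    ("hardcoded-secret", re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|auth[_-]?token)\w*[\"']?"
        r"\s*[:=]\s*[\"']([^\"']{8,})[\"']")),
    # <string name="..api_key..">value</string> in Android resource XML
    ("hardcoded-secret", re.compile(
        r"(?i)<string\s+name=\"[^\"]*(?:password|secret|api_?key|token)[^\"]*\">"
        r"([^<]{8,})</string>")),
]
# References and build-time placeholders are not secrets themselves.
PLACEHOLDER = re.compile(r"^(?:\$\{.*\}|@string/.*|<.*>)$")

def scan_text(path, text):
    """Return (path, line_no, rule) per suspected credential; never echo the value."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(1) if pattern.groups else m.group(0)
            if not PLACEHOLDER.match(value.strip()):
                findings.append((path, line_no, rule))
    return findings

def scan_files(files):
    """files maps a relative path to its text content."""
    return [f for path, text in files.items() for f in scan_text(path, text)]

# Constructed sample standing in for files pulled out of an unpacked app package.
SAMPLE_FILES = {
    "res/values/strings.xml": (
        '<resources>\n'
        '  <string name="app_name">Demo</string>\n'
        '  <string name="maps_api_key">constructed-demo-key-0001</string>\n'
        '  <string name="api_token">${API_TOKEN}</string>\n'
        '</resources>\n'),
    "assets/config.properties": (
        'api.base_url=https://api.example.invalid\n'
        'db_password = "constructed-Passw0rd!"\n'
        'aws_key=AKIAABCDEFGHIJKLMNOP\n'),
}

if __name__ == "__main__":
    for path, line_no, rule in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}")
```

A check like this fits into the regular testing cycle as a build step that fails when any finding is reported; the placeholder filter keeps values injected at build time from being flagged.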

Patch Systems

Deploying relevant software patches as and when they become available can help safeguard against such attacks to a large extent. Ensuring that the software you are using is current and able to incorporate patches is also important.

Security awareness for employees

One of the best ways to save yourself from malicious attacks is to refrain from installing apps from unknown sources. Therefore, raising employees' awareness and educating them on aspects of security is an important step.

Speaking for GO-JEK, security is certainly a top priority for us. Some of our processes are:

  • Regular security testing of app and mobile APIs
  • Regular infrastructure testing
  • Every change in public infrastructure goes via an approval process
  • Ensuring that our systems are always up to date
  • An attack monitoring system
  • A public bug bounty program

With all these measures in place, we have minimised the chances of any such incidents occurring within our environment.

Now you should follow similar practices to protect your mobile apps from malware attacks.


Amol Naik

Guest Author Amol Naik leads the security team at GO-JEK. He has more than a decade of experience in Information Security. He specialises in Web application security, Network Security & vulnerability research. In the past, he has reported many bugs in Google, Facebook, Twitter, etc. as part of bug bounty hunting. He also worked on browser security and reported many bugs in Internet Explorer.
