Over the last couple of weeks, the issue of cybersecurity once again grabbed headlines when ransomware called WannaCry infected 230,000 computers in over 150 countries, bringing large and small organisations to their knees. While GO-JEK itself wasn’t vulnerable to WannaCry (WannaCry attacks Windows systems and we don't have a Windows environment), it does serve as an example of how hackers exploit vulnerabilities.
Even more recently, there was news of over 36.5 million Android users being infected by 'Judy' malware, which should certainly ring some alarm bells for Android users. In terms of security, iPhones are probably more secure, given that there have been no real ransomware attacks on iOS. According to an HP Research Report released in July last year, however, nine out of 10 mobile apps have vulnerabilities that could pose a security threat. What makes this even more problematic is that about 97 percent of the mobile apps tested access some form of private information on the phone.
Additionally, the popularity of mobile apps has gone through the roof! Gartner has predicted that by 2017, mobile apps will be downloaded more than 268 billion times, generating revenue of more than $77bn, making apps one of the most popular computing tools for users across the globe.
Needless to say, app security is a top area of concern for developers and end users alike. As the threat landscape is extremely dynamic, app security can never be considered foolproof. Having said that, there are a few common-sense measures that everyone must deploy to limit exposure to app malware attacks. These are:
Secure data on the server side
Because every app is connected to the API on the server side, ensuring that the API is secure is extremely important. Since most of the information is saved on the server, ensuring a secure API can protect the information even if there is ransomware or malware on the device side.
Regular security testing
It is important to test apps, APIs and infrastructure at regular intervals. Checking for flaws in local/device storage, revisiting the configuration and checking whether any sensitive information, such as credentials, is stored in the app are all good practices.
Patch systems
Deploying relevant software patches as and when they become available can help safeguard against such attacks to a large extent. Ensuring that the software you are using is current and able to incorporate patches is also important.
Security awareness for employees
One of the best ways to save yourself from malicious attacks is to refrain from installing apps from unknown sources. Therefore, raising awareness among employees and educating them on aspects of security is an important step.
Speaking for GO-JEK, security is certainly a top priority for us. Some of our processes are:
With all these measures in place, we have minimised the chances of any such incidents occurring within our environment.
Now you should follow similar practices to protect your mobile apps from malware attacks.