
Mobile Application Security

Uploaded by

Tee Zee
Copyright: © All Rights Reserved

Mobile Application Security

BY TABINDA ALI SHAH ZAMAN


Mobile application security

Mobile application security refers to the technologies and security procedures that
protect mobile applications against cyberattacks and data theft. An all-in-one mobile
app security framework automates mobile application security testing on platforms
like iOS, Android, and others.

• Mobile device usage has been steadily increasing in recent years. Recent statistics
note that about 90% of the global internet population uses a mobile device to go
online. For hackers, this means more people to victimize, making
endpoint security for mobile devices increasingly vital.

Why application security is important

• Application security is important because today's applications are often available
over various networks and connected to the cloud, increasing vulnerabilities to
security threats and breaches. There is increasing pressure and incentive to
ensure security not only at the network level but also within applications themselves.
One reason is that hackers are going after apps with their attacks more
today than in the past. Application security testing can reveal weaknesses at the
application level, helping to prevent these attacks.

The Need for Mobile App Security

Mobile app security can guard against a variety of harmful consequences, including:

• Personal and Login Data Theft
The loss of sensitive data, such as client information and login passwords, typically stems
from inadequate mobile app security, which hackers leverage to obtain access to
sensitive information.

• Stolen Financial Data
Mobile banking applications may contain customer financial information, including
credit and debit card details. If a hacker successfully hijacks a banking app, they may
also take control of the user's phone and perform a transaction without the victim's
knowledge.

• Intellectual Property Theft
Without adequate mobile app security, copyrights, patents, and other forms of
intellectual property can fall into malicious hands. For example, every mobile
application is built on a foundational piece of code. To develop copies of popular
apps, which are intended to deceive users into downloading a fake version of the real
software, hackers will attempt to steal the source code. On mobile devices, these
fake apps can be used to spread malware.

• Reputational Damage
Security flaws in a mobile application can put a company's reputation at risk. User
data being made public will destroy customers' faith in the app developer and damage
the brand's reputation.

Types Of Application Security

• Database Security
• Email Security
• Internet
• E-Commerce Security

Database Security

Database security involves protecting sensitive data stored within a database from
unauthorized access, misuse, or breaches.
Threats to databases include:
i. unauthorized access
ii. data breaches
iii. data corruption
iv. SQL injection attacks

Security control in database

• Data Backup: Regularly creating copies of current data to restore in case of loss
or disaster.

• Data Archiving: Organizing and storing inactive data for historical purposes or
compliance.

• Data Disposal: Securely disposing of old or unused data to prevent unauthorized
access.

Email Security

Email security protects email both when it is received and when it is sent.

• Spam: Spam refers to unsolicited, bulk emails sent indiscriminately to a large number of
recipients, often for advertising or malicious purposes. Prevention includes
implementing spam filters, using email authentication mechanisms like SPF, DKIM, and
DMARC, and educating users about identifying and avoiding spam emails.

• Phishing: Phishing involves fraudulent emails that appear to be from legitimate sources,
aiming to trick recipients into revealing sensitive information such as passwords,
financial details, or login credentials. Prevention strategies include user education on
recognizing phishing attempts, implementing email authentication techniques, and
deploying anti-phishing solutions like link scanners and email validation tools.
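
The email authentication checks named in the spam and phishing items above, as an added Python example that is not part of the original slides: it reads the SPF, DKIM and DMARC results a receiving mail server records in the `Authentication-Results` header and ignores any such header the server did not write itself. The server name `mx.corp.example`, the deliver/reject/quarantine policy and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: the authserv-id that our own receiving mail server stamps on mail.
TRUSTED_AUTHSERV = "mx.corp.example"

def auth_results(raw_message):
    """Collect SPF/DKIM/DMARC results from Authentication-Results headers
    written by our own server; headers from any other source are ignored."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        ident = authserv.split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue  # could have been inserted by the sender, so do not trust it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            if results[method] != "pass":  # one passing DKIM signature is enough
                results[method] = result
    return results

def verdict(raw_message):
    """Hypothetical local policy: act on the DMARC result only."""
    dmarc = auth_results(raw_message)["dmarc"]
    if dmarc == "pass":
        return "deliver"
    if dmarc == "fail":
        return "reject"
    return "quarantine"  # no trusted result at all: hold for review

# Constructed sample messages (not real mail).
LEGIT = (
    "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=shop.example;\n"
    " dkim=pass header.d=shop.example; dmarc=pass header.from=shop.example\n"
    "From: orders@shop.example\nSubject: Receipt\n\nThanks for your order.\n")
SPOOFED = (
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bank.example;\n"
    " dkim=none; dmarc=fail header.from=bank.example\n"
    "From: security@bank.example\nSubject: Verify your account\n\nClick here.\n")
FORGED_HEADER = (
    "Authentication-Results: mail.sender.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: security@bank.example\nSubject: Verify your account\n\nClick here.\n")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)]:
        print(name, auth_results(raw), verdict(raw))
```

The third message carries a header claiming every check passed, but because it was not written by the trusted server it contributes nothing and the message is held for review.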

Internet

There are various security threats in internet communication that can cause harm:

• Virus: Malicious software that infects mobile devices by attaching itself to legitimate
programs or files. It can spread through downloads, email attachments, or infected
websites.

• Worms: Self-replicating malware that spreads across networks and devices without
human intervention. It can exploit vulnerabilities in mobile operating systems or apps to
propagate.

• Trapdoor/Backdoor: A hidden entry point in software or systems that allows
unauthorized access. Attackers can exploit backdoors in mobile apps or operating systems
to gain control over the device remotely.

• Spoofing: Impersonating legitimate websites, emails, or messages to deceive users into
providing sensitive information or downloading malware. Attackers may use spoofing
techniques in phishing attacks or fake app downloads.

• Trojan Horse: Malware disguised as legitimate software, tricking users into installing it.
Once installed, it can steal data, spy on users, or damage the device. Trojans often spread
through fake app stores or malicious websites.

E-Commerce Security

E-commerce security involves safeguarding online transactions and sensitive data exchanged during
electronic commerce activities. This includes protecting payment information, preventing fraud, and
ensuring the integrity of online transactions.

• Electronic Payment System: Digital systems that facilitate online payments, such as PayPal,
Stripe, or digital wallets like Google Pay. To secure electronic payment systems, encryption,
tokenization, and secure authentication methods are implemented to protect financial data during
transactions.

• E-cash: Digital currency used for online transactions, like cryptocurrencies.

• Credit/Debit Card: Commonly used for online purchases, credit/debit card transactions require
secure handling to prevent fraud and unauthorized access. Prevention measures include using secure
payment gateways and using tokenization to replace sensitive card data with non-sensitive equivalents.

Conclusion

• In conclusion, application security is paramount in safeguarding digital assets,
user privacy, and maintaining trust in software systems. By implementing robust
security measures such as secure coding practices, thorough testing, regular
updates, and user education, organizations can mitigate the risk of cyber threats
such as malware, data breaches, and unauthorized access. Prioritizing application
security not only protects sensitive data but also ensures the reliability, integrity,
and availability of software systems in an increasingly interconnected digital
landscape.
