Security Risks and Prevention Capabilities in Mobile Application Development
Reflective Essay

Article References

Michalska, A., & Poniszewska-Maranda, A. (2015). Security risks and their prevention capabilities in mobile application development. Information Systems in Management, 4(3), 120-132.

Mobile applications are the software systems that make smartphones more significant day by day, and they aid individuals in many aspects of life. Apart from these benefits, there are a number of risks that mobile applications face. On the basis of the research I carried out, mobile gadgets and devices are considered one of the biggest revolutions of today's world, and they are often blamed for insecurity. Bad data storage practices, malware, side loading and lack of encryption all contribute to mobile application vulnerabilities. Nowadays mobile phones rely completely on mobile applications, and to a great extent these applications have made our lives easy, so that for many things we depend on them; but after studying these applications carefully I have observed that all these free and exceptional services come with a lot of threats and issues that we might not be able to solve (Arp, Quiring, Wressnegger & Rieck, 2017). When we share our personal data with any application, it becomes that application's responsibility to handle our data carefully and to ensure that it is safe and is neither manipulated nor stolen, but most of the time they fail to do so, and this is one of the biggest failures of mobile applications. The threats to mobile application security that I have observed and studied include loss of data, failure to protect the binary, ease of hacking, lack of encryption or failure to encrypt data, failure to authenticate or authorize, brute force attacks, failure to invalidate an authorized user's session, poor cryptography and failure to provide proper security.

I have analysed all of these causes of mobile application vulnerabilities, and they are as follows:
Poor handling of data. One of the common loopholes in mobile application security is failing to store data securely and managing it poorly. Most users do not keep their phones locked, so when a phone is lost or stolen it becomes easy for whoever has it to extract the data on the phone without any proper authentication, and an attacker who performs data forensics can readily access the data through caches or by simply extracting the files of a poorly written mobile app (Cimler, Matyska, Balík, Horalek & Sobeslav, 2015). Most app developers choose client-side storage for their data instead of a sandboxed environment, which would ensure minimal or no security breaches. In that case the data can easily be exploited and used without authorization, and can easily be manipulated if it falls into the wrong hands. To make sure the data is safe, several precautions can be taken:

- Making sure the data is secure and does not leak in the form of caches, and that no one without proper authentication can access it.
- Adding another layer of encryption on top of the base-level encryption, and properly verifying data handling during all types of caching (Mousa, Mokhtar, Hasan, Younes, Hadhoud & Brunie, 2015).

Absence or lack of binary protection. When binary protection is absent, attackers can get access to the data as if it were a cakewalk, and jailbreaking and rooting allow the attacker to take over the security measures that protect the data and to circumvent all of the strategies for encrypting it.
While the device is in this state, any malware can attack it, enabling malicious code to run on the attacked device. Such an attack can change the pattern of the specific mobile application, altering the way the application logic behaves, and can clone the application and redistribute it with whatever threats are possible. Rooting, and the absence of protection against it, can also result in damage such as the loss of confidential data, security issues and fraud. To avoid these situations and the damage they cause, some techniques can be used, for instance (Clark & Baker, 2017):

- Binary hardening: in this technique the data is properly analysed and then certain measures are taken to protect it from being attacked and exploited.
- Protecting the app by detecting jailbreaks and rooting, and not allowing the app to run on such devices, which might be compromised.

Threats related to a weak server side. The whole interaction between the user and the mobile application takes place through a server, hence hackers attack the server first, during the processing of data. To secure the servers, developers use several approaches, for instance detecting the problem directly with general tools that are easily available and within their budget, or consulting an expert who specialises in this field, which costs much more than using ordinary tools (Wu, Lu, Gong & Gupta, 2017). Sometimes, to save expenses and because of low budgets, developers do not take this into consideration and many critical concerns arise; most of the time developers are also not aware of the security measures appropriate to a new language, and there are many more reasons. To tackle these problems, some of the methods are:

- Scanning the app is the most reliable way to protect it from a weak server side, because during the scan most threats can be identified; scanning also reveals the common vulnerabilities of a weak server so that we can fix them before hackers use these weak points to attack the server.
- Cyber experts can also provide proper guidance to increase the security level (Gribble, Levy, Moshchuk & Bragin, 2015).

Data leakage. Sometimes users' sensitive information is stored improperly or in a location that is not secure at all, and then there is a high chance that the private data or information of users leaks, whether or not the developer is aware of it. This is a very critical situation because the data contains personal information or sensitive data of users, which when leaked or in the wrong hands can be misused, manipulated or exploited. Data leakage and insecure data storage are quite commonly confused, but there is a big difference between the two terms: data leakage cannot be controlled by the developer and occurs because of a lack of, or negligence in, security, whereas insecure data storage is completely under the developer's control, because there the data is leaked through common leakage points such as cached data, sign-in sessions, cookies, browsing and backgrounding of the application, so it is very much within the developer's awareness. Information leakage is a major issue in mobile applications, so to avoid it the following should be taken into consideration:

- Securing the locations where information related to users is held (Hay, Tripp & Pistoia, 2015).
- Keeping only the information that is necessary on the servers, and adding some extra security measures.

Lack of proper authorization or authentication. When proper authentication or authorization is not performed to check that the user is accessing data and acting in accordance with the developer's security policy, several problems may result that put the user's data or privacy in danger. Authorization does not necessarily mean that a user is free to use or access all the options available on a site or web application; rather, it means limiting access and enforcing procedures regarding what a user is allowed to do and what not. I have observed that mobile apps cannot rely on an internet connection at all times during their sessions, unlike web connections, so mobile apps may also authenticate offline in order to maintain uptime, and while doing so the developer should consider all the loopholes that might arise (Information Age, 2018). For managing proper authentication and authorization of users, a few measures can be taken into account:

- Enforcing a policy containing proper methods for authorization (Wu, Du & Fu, 2014).
- To prevent anyone other than the users themselves from executing actions, it is best if users are allowed to log in or sign up only in online mode, thus protecting sensitive information. If in any case there is a specific requirement to authenticate in offline mode, then special measures are used, for instance encrypting the data associated with the application and enforcing some specific procedures (Khan, Lin, Thuraisingham, Sahs, Sounthiraraj & Greenwood, 2018).

Broken or poor cryptography. If there are issues with encryption, such as data not being encrypted properly or the implementation of encryption not being executed well, the result is broken cryptography (Spreitzenbarth, Schreck, Echtler, Arp & Hoffmann, 2015). Because of the lack of encryption, the attacker can use this vulnerability to decrypt the original or primary data and then steal it, using the data at his or her own convenience and manipulating it. Whenever data is distributed or exchanged over a connection with an invalid certificate, it is possible that the data can be used by anyone who does not have proper access to the information; so when the connection is not valid or has not been verified, clients should not run their devices under such a connection, because it can result in leakage of data, which is then pirated by decrypting it for the attacker's own benefit. Managing the keys poorly can also benefit the adversary, because it becomes easier for them to get access to the keys when these are present in a location that can be accessed easily (Michalska & Maranda, 2015). This whole problem occurs because developers do not use a valid and verified certificate system, and to avoid such situations we can use the techniques and strategies stated below:

- The application's certificate is valid and verified from a trusted source, or has been verified by a certificate authority according to the latest policy.
- Storing the keys in a location that cannot be easily accessed.
- Encrypting all of the data carefully and making sure that every step of the process is implemented properly; superior encryption protocols can also be used for this.

Mishandling the user's session. This refers to the continuation of a session even after the user has left or logged off (Seo, Gupta, Sallam, Bertino & Yim, 2014). To speed up buying processes, to grow the business and to improve the user experience through speed optimisation, many online companies elongate the session, but while doing so they do not realise that this can be dangerous for users and their data if the phone is lost or stolen during the session: the adversary benefits by easily gaining access to the user's private information, and then uses, manipulates or exploits it. This situation should be brought under control by:

- Requiring re-authentication during important processes in a session, such as making a payment, purchasing anything or accessing important data (Olaleye, Ranjan & Ojha, 2017).
- The application should provide a specific button for signing out of the session, and once it is pressed the session should expire without any exceptions.
- If the user has requested that the session be invalidated, the request should be taken seriously and carried out at the moment it is made.

Lack of transport layer protection. The passage via which information travels between the server and the client is called the transport layer (Pistoia, Tripp & Lubensky, 2018).
A hacker can easily gain access to the data if transport layer protection is insufficient, so to prevent this SSL and TLS should be used to encrypt the communication. These were the major issues that I have observed which are associated with mobile applications and make them vulnerable (Roman, Lopez & Mambo, 2018).
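As an added example, not taken from the essay or from any of the works it cites, the following Python sketch of a server-side session store puts the authorization and session-handling rules described above into code: an explicit policy of what each role may do, idle and absolute session lifetimes, re-authentication before a sensitive action such as a purchase, and immediate invalidation on sign-out. The role names, actions, time limits, class names and timestamps are assumptions chosen for illustration.

```python
"""Server-side session store: explicit authorization policy, short session
lifetimes, step-up re-authentication for sensitive actions and immediate
invalidation on sign-out. Added example; all names and limits are assumptions."""
import secrets
import time
from dataclasses import dataclass

# Hypothetical authorization policy: the actions each role may perform.
POLICY = {
    "customer": {"view_profile", "purchase"},
    "support": {"view_profile"},
}
# Actions that demand a fresh authentication even inside a valid session.
STEP_UP_ACTIONS = {"purchase"}
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity after which a session dies
ABSOLUTE_TIMEOUT = 8 * 3600   # hard lifetime, regardless of activity
REAUTH_WINDOW = 5 * 60        # how long a re-authentication counts as fresh


class AuthError(Exception):
    """Raised for any authentication or authorization failure."""


@dataclass
class Session:
    user: str
    role: str
    created: float     # when the session was issued
    last_seen: float   # last request that used it
    last_auth: float   # last time the user proved their identity


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def create(self, user, role, now=None):
        now = time.time() if now is None else now
        # 32 random bytes from the OS CSPRNG: the token is unguessable and
        # carries no user data that could be reverse-engineered.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, role, now, now, now)
        return token

    def _get(self, token, now):
        sess = self._sessions.get(token)
        if sess is None:
            raise AuthError("unknown or invalidated session")
        if now - sess.created > ABSOLUTE_TIMEOUT or now - sess.last_seen > IDLE_TIMEOUT:
            del self._sessions[token]     # expired sessions are dropped, not just refused
            raise AuthError("session expired")
        sess.last_seen = now
        return sess

    def reauthenticate(self, token, now=None):
        """Call after the user has re-entered their password or PIN."""
        now = time.time() if now is None else now
        self._get(token, now).last_auth = now

    def authorize(self, token, action, now=None):
        """Return the user name if `action` is permitted right now, else raise."""
        now = time.time() if now is None else now
        sess = self._get(token, now)
        if action not in POLICY.get(sess.role, set()):
            raise AuthError(f"role {sess.role!r} may not {action!r}")
        if action in STEP_UP_ACTIONS and now - sess.last_auth > REAUTH_WINDOW:
            raise AuthError("re-authentication required")
        return sess.user

    def permitted(self, token, action, now=None):
        """Boolean form of authorize for callers that only need a yes or no."""
        try:
            self.authorize(token, action, now)
            return True
        except AuthError:
            return False

    def logout(self, token):
        """Invalidate immediately; any later request with this token fails."""
        self._sessions.pop(token, None)


def demo():
    """Walk through the rules with fixed timestamps (constructed, not real traffic)."""
    store = SessionStore()
    t0 = 1_700_000_000.0
    tok = store.create("alice", "customer", now=t0)
    out = {"view": store.authorize(tok, "view_profile", now=t0 + 60)}
    # Ten minutes after login the authentication is no longer fresh enough to buy.
    out["purchase_without_reauth"] = store.permitted(tok, "purchase", now=t0 + 600)
    store.reauthenticate(tok, now=t0 + 610)
    out["purchase_after_reauth"] = store.permitted(tok, "purchase", now=t0 + 620)
    store.logout(tok)                      # sign-out takes effect at once
    out["after_logout"] = store.permitted(tok, "view_profile", now=t0 + 630)
    return out


if __name__ == "__main__":
    print(demo())
```

The design point is that every check goes through one `_get` path, so an expired or signed-out token is refused everywhere, and that a sensitive action looks at when the user last proved their identity rather than at whether the session merely exists. On a real service the store would live in a database or cache shared by all app servers, and the same re-authentication rule would apply to changing the password or the e-mail address.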
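The transport-layer and certificate points above, as an added example that is not part of the essay: a Python client configuration showing the weak setting (verification switched off, which is what code written to silence a certificate error usually looks like) beside the correct one, a policy check that a review or test suite can run over every context the app builds, and an optional certificate pin compared against the server's leaf certificate after the normal CA validation. The host name, port and pin value are placeholders.

```python
"""Transport-layer protection for a mobile client's API calls. Added example;
HOST, PORT and PINNED_CERT_SHA256 are placeholders, not values from the essay."""
import hashlib
import hmac
import socket
import ssl

HOST = "api.example.invalid"     # placeholder host name
PORT = 443
# Placeholder pin: hex SHA-256 of the server's DER-encoded leaf certificate,
# shipped with the app and rotated together with the certificate.
PINNED_CERT_SHA256 = "0" * 64


def insecure_context():
    """The weak setting: any certificate from any host is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # host name no longer compared to the certificate
    ctx.verify_mode = ssl.CERT_NONE     # chain not validated, self-signed certificates pass
    return ctx


def secure_context():
    """The correct setting: chain validated against trusted CAs, host name checked."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_acceptable(ctx):
    """Policy check a review or test suite can run over every context the app builds."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def cert_pin(der_cert):
    """Certificate pin: hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert, expected_pin):
    """Constant-time comparison so the check itself leaks nothing through timing."""
    return hmac.compare_digest(cert_pin(der_cert), expected_pin)


def connect_pinned(host=HOST, port=PORT, expected_pin=PINNED_CERT_SHA256):
    """Open a verified TLS connection and additionally enforce the pin.

    The pin is checked after CA validation, not instead of it, so a certificate
    that a CA issued by mistake is still rejected. Returns the negotiated version."""
    ctx = secure_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, expected_pin):
                raise ssl.SSLError("server certificate does not match the pinned value")
            return tls.version()
```

`connect_pinned` needs a network and a real pin, so only the configuration and pin helpers are exercised offline. A pin ties the app to one certificate, so rotation has to be planned (ship the next pin before the certificate changes) or the app locks itself out; on the mobile platforms themselves the equivalent of `secure_context` is the default behaviour, and turning verification off is the anti-pattern the essay's "invalid certificate connection" describes.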
References

Arp, D., Quiring, E., Wressnegger, C., & Rieck, K. (2017). Privacy threats through ultrasonic side channels on mobile devices. In Security and Privacy (EuroS&P), 2017 IEEE European Symposium on (pp. 35-47). IEEE.

Cimler, R., Matyska, J., Balík, L., Horalek, J., & Sobeslav, V. (2015). Security issues of mobile application using cloud computing. In Afro-European Conference for Industrial Advancement (pp. 347-357). New York: Springer.

Clark, J., & Baker, D. (2017). U.S. Patent No. 9,681,304. Washington, DC: U.S. Patent and Trademark Office.

Gribble, S., Levy, H., Moshchuk, A., & Bragin, T. (2015). U.S. Patent No. 9,043,913. Washington, DC: U.S. Patent and Trademark Office.

Hay, R., Tripp, O., & Pistoia, M. (2015). Dynamic detection of inter-application communication vulnerabilities in Android. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (pp. 118-128). ACM.

He, D., Chan, S., & Guizani, M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), 138-144.

Information Age (2018). Common security vulnerabilities of mobile devices. Retrieved from http://www.information-age.com/security-vulnerabilities-mobile-devices-123464616/

Khan, L., Lin, Z., Thuraisingham, B., Sahs, J., Sounthiraraj, D., & Greenwood, G. (2018). U.S. Patent No. 9,977,904. Washington, DC: U.S. Patent and Trademark Office.

Michalska, A., & Poniszewska-Maranda, A. (2015). Security risks and their prevention capabilities in mobile application development. Information Systems in Management, 4(3), 120-132.

Mousa, H., Mokhtar, S. B., Hasan, O., Younes, O., Hadhoud, M., & Brunie, L. (2015). Trust management and reputation systems in mobile participatory sensing applications: A survey [Online]. Retrieved from https://www-sciencedirect-com.ezproxy.liberty.edu/science/article/pii/S1389128615002340

Olaleye, S. B., Ranjan, I., & Ojha, S. (2017). SoloEncrypt: A smartphone storage enhancement security model for securing users' sensitive data. Indian Journal of Science and Technology, 10(8).

Pistoia, M., Tripp, O., & Lubensky, D. (2018). Combining static code analysis and machine learning for automatic detection of security vulnerabilities in mobile apps. In Application Development and Design: Concepts, Methodologies, Tools, and Applications, 10(3), 35-43.

Roman, R., Lopez, J., & Mambo, M. (2018). Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges. Future Generation Computer Systems, 78, 680-698.

Seo, S. H., Gupta, A., Sallam, A. M., Bertino, E., & Yim, K. (2014). Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38, 43-53.

Spreitzenbarth, M., Schreck, T., Echtler, F., Arp, D., & Hoffmann, J. (2015). Mobile-Sandbox: combining static and dynamic analysis with machine-learning techniques. International Journal of Information Security, 14(2), 141-153.

Wu, L., Du, X., & Fu, X. (2014). Security threats to mobile multimedia applications: Camera-based attacks on mobile phones. IEEE Communications Magazine, 52(3), 80-87.

Wu, T., Lu, Y., Gong, X., & Gupta, S. (2017). A study of active users of mobile instant messaging application: An attachment theory perspective. Information Development, 33(2), 153-168.