Nobody (except a bad actor) wants their mobile app to wreak havoc on unsuspecting users, or expose them to glaring flaws in security. By looking inside the app to analyze the software, you can see how it behaves, but what about the domains and networks it links to, or apps that share some of the same code? How safe are they?
Don’t get us wrong – manual testing of software is still an important and valuable part of quality assurance, leveraging human intuition and inventiveness for proper coverage. But there’s a penalty to pay as well. Manual testing takes time and effort. When good automation can handle a large part of what would otherwise have been manual testing, in minutes instead of days, and at a fraction of the cost, insisting on manual testing could be a significant error.
Many apps ask for information and permissions at the time of installation to track user activity, and users often consent to these requests. However, when such an app is deleted by the user, such tracking should stop as well. Instead, using a technique known as fingerprinting, app creators can illicitly track mobile devices even after the app has been deleted, or before it is reinstalled.
If someone were to tell you that you have a mobile application on your phone that allows you to record audio, would you be concerned? It may alarm you, but that in and of itself is not enough to say the application is not secure. There are too many variables: What is the function of the application? Is the user aware of when he/she is being recorded? Is there a way to retrieve the audio remotely?
Coming to a smartphone near you today, augmented reality apps herald a new world of opportunities and dangers. While virtual reality (VR) and its separate virtual worlds have been in the public eye for a while, augmented reality (AR) with its subtle blending of both virtual and real contexts is a relative newcomer. However, now that Facebook is using its new camera tools to launch its own AR platform, overlaying graphics on the real world via your mobile screen, AR is likely to gain significantly in popularity.
There are two things wrong with the preconception that cyber criminals rely on tacky, free mobile apps to get victims to leak their financial details, so that the criminals can then empty their bank accounts. First, mobile data leaks also happen via many popular, well-perceived app brands. Second, financial data is only one part of the treasure trove for cyber criminals, who may find even richer gains by using additional, non-financial, personal data.
In the aftermath of the recent attack in London by an alleged terrorist, the popular WhatsApp messaging service has itself become a target of the British Government. The U.K. Home Secretary, Amber Rudd, wants WhatsApp to make end-user content available to British intelligence services. This follows disclosure that the attacker used the messaging service shortly before launching the violent aggressions that claimed the lives of four people.
When it comes to Internet of Things app security, many enterprises are like deer caught in the headlights. They know something bad is going to happen if they don’t make a move. When IoT apps fail to properly protect the data and devices with which they work, damage can range from a breach of private personal information, for example in the case of wearables, to sabotage of large systems and machines, such as production lines and power-generating turbines.
In May 2018, a new data regulation will be enforced. Although the General Data Protection Regulation (GDPR) is a European initiative, it can affect businesses all over the world, including the likes of Facebook and Google, and FinTech companies. GDPR has been designed to meet the three following goals...
Mobility is now a big deal for the insurance industry. Some insurance companies have developed their own apps to help customers find an insurance agent, or take pictures of damage for claims. Others use third parties to produce mobile apps for both business-to-consumer and business-to-business markets. Unfortunately, all of them are at risk, reputationally or operationally, from mobile app disasters.