This nice talk on mobile security by Siren Hofvander kicked off with some general good-to-knows, like how a cell phone is lost every 3 minutes. Adding this to the fact that 3 of 4 companies allow BYOD (Bring Your Own Device), a lot of sensitive information can get lost to the public, if you ignore to secure your information.
Siren talked about how apps we install may gain access to our personal data, free to do whatever they want with it unless we deny them that permission. According to her, 96% of iOS and 84% of Android apps get access to contacts, calendar, tracking information etc.
Are we aware of which privileges we give these apps, or do we more or less allow anything to be able to play the latest game?
There are three main types of mobile apps - native, mobile and hybrid ones. Each type presents different types of security aspects to take into consideration when designing your app, with hybrid apps providing you with the sum of all risks. Also, the mobile platforms themselves provide very different challenges. For instance, iOS suffer an amazingly low 0.7% of all malware, while Android is affected by 79%.
Working her way through a list of malicious activities, Siren stressed that we as developers can not just design our app based how we expect the user to use it. We have to consider the hardware as well and think about the big picture. We tend to focus on application layer security, but the application stack consists of the OS, the hardware and the infrastructure as well. They are all part of the big picture and must be considered.
Siren went through various attack scenarios. For instance, do not connect to the free Wi-Fi art a security conference :) She presented a set of testing questions you should as yourself when developing and also talked about spoofing, tampering and disclosure and keeping your data safe from point A to point B. Very good and perfectly disposed information. Love the lists!
All in all a really great talk. Check out the video here, then hurry and download that big boobs app!