Siren Hofvander - Being Secure on a Mobile Platform
Nov 10, 2013
This great Øredev 2013 session focused on how to be secure on a mobile platform, with a bunch of great examples and concrete demos.
Siren Hofvander kicked off this session with some general good-to-knows, like how a cell phone is lost every 3 minutes. Add this to the fact that 3 of 4 companies allow BYOD (Bring Your Own Device), and a lot of sensitive information can get lost to the public if you neglect to secure your information.
Siren talked about how apps we install may gain access to our personal data, free to do whatever they want with it unless we deny them that permission. According to her, 96% of iOS and 84% of Android apps get access to contacts, calendar, tracking information etc. Are we aware of which privileges we give these apps, or do we more or less allow anything to be able to play the latest game?
There are three main types of mobile apps - native, mobile and hybrid ones. Each type presents security aspects to take into consideration when designing your app, with hybrid apps providing you with the sum of all risks. Also, the mobile platforms themselves provide different challenges. For instance, iOS suffers an amazingly low 0.7% of all malware, while Android is affected by 79%.
Working through a list of malicious activities, Siren stressed that we as developers can’t just design our apps based on how we expect the user to use them. We must consider the hardware as well and think about the big picture. We tend to focus on application layer security, but the application stack consists of the OS, the hardware and the infrastructure as well. They’re all part of the system and must be considered.
Siren went through various attack scenarios. For instance, don’t connect to the free Wi-Fi at an “art and security conference” :) She presented a set of test questions you should ask yourself when developing and also talked about spoofing, tampering and disclosure and how to keep your data safe from point A to point B. Very good and well-structured information. I love the lists!
All in all, this was a great talk. Check out the video here, then hurry and download that big boobs app!