Are mobile apps safe? It isn’t a question most people have asked themselves. The app stores, especially Apple’s, have many precautions in place to prevent apps from being malicious. On rare occasions, one makes it through, but for the most part, the apps themselves are relatively safe from direct malicious intent. However, many of these apps, such as banking apps, now handle personal and financial information.
IOActive researchers looked into the banking apps out there to see what the overall level of security and risk was. Their results were utterly shocking. If the technical details interest you, I recommend you check it out:
The biggest issues found were apps storing data on your device in an insecure fashion, and data being sent to and from your phone over an insecure connection. This is pretty shocking, especially since many of these apps are from big-name companies that should know better.
In early 2015, research was released showing how 1,500 apps on iOS use secure connections that are not properly validated and could be tampered with. This means it could be incredibly dangerous to use those apps on an untrusted network, like in a coffee shop.
We are seeing a lot of app developers make these very fundamental security mistakes. Snapchat, the popular messaging app, for example used a hardcoded encryption key inside the app that security researchers found.
My recommendation: don’t use banking apps or other apps that deal with your personal information unless you are on your home network. With the increasing number of breaches, I’m hoping app developers will start taking security more seriously, and we will see this be less of a problem within the next year.
If you are one of those people who has jailbroken or is thinking about jailbreaking your phone, don’t. Jailbreaking your phone allows you to run apps that are unverified and could contain nasty malware. Additionally, it makes your phone vulnerable to other types of attacks and security exploits. Your inability to upgrade and get the most recent security fixes also makes it significantly more dangerous for you. Don’t do it; it really isn’t worth it.
Here are some additional resources for learning more about the technical weaknesses of mobile applications:
How to Hack a Mobile App (10:04)