My very first job after college was for a government systems integrator, where both data and physical security were high priorities. Great measures were taken to achieve both.
I’ll always remember my first facilities security officer telling me, “the only way to truly secure any system is to put it in a locked room and throw away the key.”
Unsurprisingly, this was impractical then–just as it is now. The question then becomes, “what should I do to achieve true enterprise security?” In this case, of course, we’re talking about mobile app security. (Click here to read the previous post in our series about mobile app security.)
At App47, we take the time-tested approach of a security onion. No, this isn’t a cooking show…
So far in this mobile app security series, we’ve talked about various layers of app store security, including onboarding and access controls, version management, and authorized users. Like an onion’s skin, these are your outer layers of mobile app security. However, there are complexities with regards to mobile apps that emerge once an app is released into the wild, especially compared to an app you run in your own infrastructure.
We’ve been building up to them–this is the moment things get serious. The approach you take in response to these complexities comprises the inner part of the onion, the inner workings of your multi-layered security approach.
When you run an app in your environment, you control everything: the operating system, the network, the servers, and more. But with a mobile app, a new set of threats emerge, including (but of course not limited to):
- Jailbroken devices. How do you ensure the device is running a released version of iOS or Android?
- Reverse engineering to exploit your mobile app. An individual running your mobile app inside of an emulator or debugger may allow an attacker to exploit vulnerabilities in your app.
- Code injection. Even though your app is compiled and signed, it’s still released into the public domain. Subsequently, given enough technical know-how, it could be altered allowing the once-secure app to leak sensitive data.
- Network-based man-in-the-middle attacks. Working on a compromised network can expose a mobile app to an insecure server through man-in-the-middle attacks of the network communications stack.
As part of the cloud-based app wrapping coming this quarter, App47 will offer features to mitigate these and other security vulnerabilities in your mobile apps.
Don’t just peel off the outer layers of the onion–consider whether you’re equipped to deal with the multiple layers of security threats today. Reach out to our sales team to schedule your demo, and stay tuned to our blog for even more on the threats ahead.
—
Photo by Burhan Rexhepi on Unsplash