18 November 2014

Inspecting invisible fences


If your business is made up of people who work from mobile devices – such as phones, tablets and laptops – your business has gone mobile. But have you considered the unique security challenges this presents? While security particulars vary widely, depending on the type of app or device being deployed, it's up to IT leaders to ensure that user convenience never trumps protection of valuable enterprise or consumer information.

We’ve scoured the web to come up with the top 3 critical factors to consider:

1. Insecure data storage

In America, the Starbucks mobile app is one of the most widely used mobile payment apps. Consumers simply enter their passwords once when activating the payment portion of the app and use it again and again to make unlimited purchases without having to re-input their password or user name.

While that might be convenient for a caffeine-starved public, Starbucks recently confirmed that its app was storing usernames, email addresses, and passwords in clear text. That allowed anyone with access to the phone to read the usernames and passwords simply by connecting the phone to a PC. Users' geolocation tracking points were stored in clear text as well. With this information in hand, unauthorized individuals would also have the credentials to log in to the Starbucks website. It's common for users to reuse the same username and password across systems, so if someone compromises that particular password, the potential also exists for them to compromise additional user accounts.

The solution? Choose apps that store critical information such as passwords and credit card numbers remotely – not on the device. If such data must be stored on the device, it must be stored securely. For iOS, passwords should be stored in an encrypted data section of the iOS keychain. For Android, they should reside in encrypted storage within the internal app data directory, and the app should be marked to disallow backup.

2. Unintended data leakage

Brands covet the kind of personal information some mobile apps glean. Being able to personalize marketing offers to consumers is a key digital business goal. But it's essential that this desire to gather personal data doesn't compromise a consumer’s privacy.

The solution? Use caution when choosing analytics providers and implementing advertising. Watch what, how, when, and where data moves, and make sure your company is protected against an unintended party getting hold of a gold mine of inside information.

3. Security decisions via untrusted inputs

A mobile app can accept data from all kinds of sources. In the absence of sufficient encryption, attackers could modify inputs such as cookies and environment variables. When security decisions on authentication and authorization are made based on the values of these inputs, attackers can bypass your security.

For example, in 2012 a flaw in Skype security allowed hackers to open the Skype app and dial arbitrary phone numbers using a simple link in the contents of an email. Similarly, a bug in the iPhone 1 OS enabled hackers to listen in on phone conversations when those phones were connected to insecure wireless networks. Any app that accepts data from external sources must include checks on every input it uses.
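As an added illustration of the point above (not code from the original article), the following Python sketch contrasts an authorization check that trusts a client-editable `role` cookie with one that derives the role from server-held session state reached through an HMAC-verified token. The handler names, token format and sample requests are constructed for this example and do not come from any app mentioned in the article.

```python
"""Authorization from server-held state, not from client-supplied inputs.

Added example; the functions, token format and sample requests below are
constructed for illustration and are not from the original article.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Per-deployment secret. It never leaves the server, so a client cannot
# forge a token that verifies against it.
SERVER_KEY = secrets.token_bytes(32)

# Server-side record of who is logged in and what role they hold.
# The role lives here, not in anything the client sends back to us.
SESSIONS: dict = {}


def issue_session(user: str, role: str, ttl_s: int = 3600) -> str:
    """Create a session and return an opaque, HMAC-signed token.

    The client only ever holds this token (never the password or the role),
    so nothing sensitive needs to be written to device storage.
    """
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "role": role, "exp": time.time() + ttl_s}
    tag = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    return f"{sid}.{tag}"


def resolve_session(token: str) -> Optional[dict]:
    """Verify the token's signature, then look the session up server-side.

    Returns None for a malformed, forged or expired token.
    """
    sid, _, tag = token.partition(".")
    expected = hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    sess = SESSIONS.get(sid)
    if sess is None or sess["exp"] < time.time():
        return None
    return sess


def vulnerable_is_admin(cookies: dict) -> bool:
    """Flawed pattern: the decision rests on a cookie the client can rewrite."""
    return cookies.get("role") == "admin"


def hardened_is_admin(cookies: dict) -> bool:
    """Correct pattern: the role comes from server state behind a verified token."""
    sess = resolve_session(cookies.get("session", ""))
    return sess is not None and sess["role"] == "admin"


def demo() -> dict:
    """Run both checks against constructed requests and return the outcomes."""
    user_token = issue_session("alice", "user")
    # Request 1: a real, logged-in user whose client rewrote the role cookie.
    tampered = {"session": user_token, "role": "admin"}
    # Request 2: a token that was never issued; its tag will not verify.
    forged = {"session": "x.deadbeef", "role": "admin"}
    # Request 3: a genuine admin session, which the hardened check must accept.
    admin = {"session": issue_session("bob", "admin")}
    return {
        "vulnerable_tampered": vulnerable_is_admin(tampered),  # True: bypassed
        "hardened_tampered": hardened_is_admin(tampered),      # False
        "hardened_forged": hardened_is_admin(forged),          # False
        "hardened_admin": hardened_is_admin(admin),            # True
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The design choice worth noting is that the client holds nothing the server has to believe: the token is opaque, its tag is checked before any lookup, and expiry is enforced server-side, so a rewritten cookie, a forged token or a stale one all fall through to a denial.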

The solution? As far as possible, discourage your business staff from using public apps for private business affairs. Instead of relying on public Wi-Fi hotspots, for example, invest in mobile data bundles and 3G/4G devices or portable hotspots for employees who work outside your office walls.
