The number of apps released over the past few years is astonishing, and that number is growing. Yet as the number of apps and app users grow, hackers see more opportunity for profit. Each app being developed now must take user’s security needs into consideration, in addition to its usual excellence.
To put this into perspective, while malware disguised as apps has decreased over time with the growth of iTunes and Google Play, the apps themselves are being targeted by hackers for the information they contain. Additionally, companies and businesses (including app-makers) are often targeted for cyberattacks, as their databases could set up a hacker for life with the money they could make. Hacker collectives and clusters will even work together to bring down an app, whether to make a statement or to make a profit.
Here are topics and considerations that every app developer should be aware of when they’re rolling out their latest product:
Why do app makers need to take security seriously?
First, we must wonder whether the future of apps is compatible with the security and privacy standards some users and consumer groups are demanding. Technology doesn’t always progress naturally in this manner, and a single hacker breakthrough can mean that cybersecurity professionals and app developers must entirely rethink the way they handle their cybersecurity strategies. There are usually several vectors that allow hackers entry, and the more advanced an app, the more likely one will be breached.
These are some of the concerns that developers must tackle over the next couple years and balance constantly:
While many security features such as encrypted data are extremely useful, if not vital, to users hoping to stay safe while using a particular app, some of those features can slow down a connection speed and thus the app’s effectiveness. This could decrease adoption rates as well as reduce profitability in the long run, making some apps ineffective if they adopt security features.
Some apps must be released on a strict timeline to be relevant to their intended audience, but adding security features usually extends the timeline of an app’s release.
How well will security features in their app work with already existing security features in other security apps and operating systems? How can they cooperate with causing a negative user experience?
[Image source: Citizen Lab]
Scams and behavior manipulation
Security features that protect the user from attacks that attack the phone directly won’t be nearly as important as security features that trick the user into handing over their information. Scams and social engineering are far too common in the field of cybersecurity, and most experts will tell you that companies aren’t doing enough to protect themselves or clients.
New apps should try to implement or at least consider the following actions and strategies:
Create a clear system of protocol that users must stick to when dealing with account information and establish a clear and singular method of retrieval in the event of account loss or password loss.
If possible, the app creators should attempt to control and eliminate (perhaps through legal action) any imitators holding malware in their system, both to protect their users and protect their app’s good reputation.
App developers should try to get into the mind of a scammer or hacker while developing their app to determine any methodologies hackers could potentially use to trick a consumer. What could be most easily copied? What might people get confused about? Solving any problems like those that come up will not only protect an app but make it more user-friendly.
Apps and developers should have a strongly established website and social media presence if only to discourage imitators and scammers who would fill the void.
Network usage and the prevalence of hackers
Apps use data, and some apps almost require the use of WiFi when being used due to the massive amount of data they send and receive. This can be an issue in terms of security due to the unsafe nature of public networks, on which even the most unskilled of hackers can steal everything going to and from a user. This can spell trouble for the app-maker and the user alike.
Creators of new apps will want to review the following to see if they can alleviate this potential danger:
Are they friendly toward the use of consumer Virtual Private Networks so that users can safely avoid hackers on public networks?
Is only necessary data being sent and received on a regular basis? Are there alternative in-app solutions as opposed to relying on the internet? While not always possible, app developers in the future may wish to consider these questions before automatically using an online solution.
Can the information the app sends be encrypted to protect it from sniffer programs and rogue network administrators?
The importance of privacy
There is also a greater need for privacy when we are considering the apps being created today. People are now more aware than ever of the permissions an app will use, and they might very well be hesitant to use an app based on what information it requests from a user’s phone.
App users care about privacy, and app developers should be as well, if not from an ethical perspective than from a financial perspective. If an app gets a bad reputation, unless there is no alternative, users will prefer the option that guarantees their privacy. People simply don’t want their information used against them in the long run, and they don’t want to make it easy for hackers to commit identity theft against them.
New apps might want to consider doing the following:
Making sure that there are options to hide information from other users, should that be relevant to the app.
Allowing for the deletion of an account at any time.
Ensuring that information collected through the app will not be shared with harmful advertisers or third parties and instead only used for app development and improved user experience.
Be completely transparent about what information is being collected by the app to fully inform the user to make an educated decision about their app use.
Of course, every app is a bit different and should take security into consideration in different ways. However, privacy is the general rule and motive developers should follow when they're considering cybersecurity within their app.
[Image source: Naked Security]
More powerful apps need more information
This need for privacy will become more relevant as apps and programs require more information from their users.
While not a perfect example, consider Cortana or Siri. The amount of information they collect is staggering, as is the potential problems should those programs be compromised. To hackers, figuring out the secret to unlocking one of these programs to spew out data is something of a holy grail.
When app developers are planning and creating their apps, are they keeping in mind the amount and types of sensitive information they are asking for? Do they have plans and protections in place for the consumer? Sometimes the consumer won’t be aware of what is going, but should a cybersecurity incident occur, it’s likely that they’ll find out very quickly.
A plan for the future
These different concerns form a cohesive whole in the mind of the cybersecurity professional, and that perspective will likely need to be consulted increasingly often by your average app developer. It will soon be a full-time job to monitor the security features for comprehensive apps, and as such, it will likely change the course of app development in the future.
Does this mean that a cybersecurity consultant will be necessary on every app that comes out? Not likely, as it’s hard to imagine a calculary app stealing your bank account information (unless it's malware). Yet apps that work with financial information and personal details will need to increase security measures as they become more complex and hackers gain more expertise in the app world.
App developers will need to consider the costs of such a specialist, but the cost of a cybersecurity breach cannot be ignored. A company can lose millions of dollars in lost productivity, or they could have to settle a lawsuit with the victims of their poor planning. While hackers might ultimately be responsible for the attack, app developers still need to hold up their end of the bargain. Will app developers listen to these concerns? Some will, but others will need some reminding, and users might suffer in the meanwhile. Hopefully, the growing pains are short.