1. Mobile applications are a growing technology, as many businesses and industries have adopted them. Their flexibility, which gives employees, customers, and vendors the ability to stay connected along with unrestricted mobility and real-time data sharing, has shifted much of the working environment to mobile applications (Quirolgico, Voas, Karygiannis, Michael, & Scarfone, 2015).
With mobile applications come new security threats. Although most applications have been vetted by the app stores, they can still present security loopholes that can be exposed by hackers. This is because most mobile application companies do not possess the resources necessary to fully secure applications, and because security requirements vary from organization to organization (Quirolgico, Voas, Karygiannis, Michael, & Scarfone, 2015). Mobile applications are susceptible to many of the same risks as desktop software, such as spyware, Trojan software, and insecurely designed apps. The difference comes in the functionality that mobile devices are designed around.
Mobile applications tend to be designed around personal and communication functionality, and this functionality fundamentally changes the risk involved with the applications (Veracode, 2011). The risks involved with mobile applications are vulnerabilities in the software that can lead to malicious code penetrating the device and gaining access to your data and device sensors (Veracode, 2011). These vulnerabilities can lead to your location being tracked, pictures and emails being stolen, and loss of functionality of the tablet or phone. According to Decompilingandroid.com, some risks that mobile applications present are (1) insecure data storage of items such as passwords, user names, cookies, and authentication tokens; loopholes in applications can lead to any one, if not all, of these being exposed. (2) Weak server-side controls: these are the servers that the apps are accessing, which can belong to the developer of the application or a third party and must have proper security measures. Other security threats include (3) insufficient transport layer protection, (4) client-side injections, (5) improper session handling, and (6) side-channel data leakage (Veracode, n.d.).
Mobile applications have become an intricate part of organizational activity and are presenting a new challenge in software security. They provide many advantages with their mobile flexibility and wireless capabilities, which also introduce new security vulnerabilities such as hackers remotely stealing data and corrupting mobile hardware. This is why it is important for all mobile applications to be vetted by the vendor as well as by the organization that will be using their services, to maintain the integrity of the application.
Android. (2014). TOP 10 MOBILE SECURITY RISKS. Retrieved from Decompiling Android: http://www.decompilingandroid.com/mobile-app-security/top-10-mobile-security-risks/
Quirolgico, S., Voas, J., Karygiannis, T., Michael, C., & Scarfone, K. (2015, January). Vetting the Security of Mobile Applications. Retrieved from NIST Special Publication 800-163: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-163.pdf
Veracode. (2011). Understanding the Risks of Mobile Applications. Retrieved from Info Security: http://www.infosecurityeurope.com/__novadocuments/108488?v=635786943849770000
Veracode. (n.d.). The Mobile App Top Ten Risk. Retrieved from OWASP: https://www.owasp.org/images/9/94/MobileTopTen.pdf
2. Mobile Application Security for Digital Government Services
Growing risks associated with adoption of mobile applications to deliver digital government services.
I will start by saying I most greatly enjoy everything mobile; I enjoy information at my fingertips and in my pockets. Many citizens want to be able to use their phones and tablets to gain the information they are requesting. Mobile apps are controlled by consumer demand, and government agencies have to take action to be able to keep up with their citizens' needs. With that said, I cannot ignore the fact that there is a concern about security within mobile applications. I am aware that some government agencies have begun the process of pilot procedures and controls in order to secure mobile applications. In fact, the CIO Council reports that typical federal agencies are using between five and 20 apps (Accenture Digital, 2016). Knowing that the government is trying to do its best to meet the demand of the people in making information more accessible, we have to ask about security. Especially mobile security.
It is very important to remember that there is sensitive data and information we have to protect. We must analyze the risk and the rewards.
Mobile app vulnerabilities are at the heart of many malicious attacks (N. Tempestini, 2014). This means that the real failure is in failing to secure them, and there is real impact for harm that can occur. We must not overlook whether or not the apps we are acquiring are protected from malicious hackers.
A recent study for IBM found that the average company tests less than half of the mobile apps they build, and 33% never test their apps for security before they go on the market.
An app's security can be impacted by the device itself. Devices that are not secure, or that have been altered by the owner or even by an unauthorized app programmed to bypass system security, can allow a download of any app from any random source.
Well-known devices like “jailbreak” or even “rooted” are not allowed at most private or government facilities; this software and these technologies are evolving to be able to evade detection, which can put company and government networks at risk.
We must also consider the cost of security landscape changes to the government’s technology budget. We want to be able to provide fast and accessible service, but it must be safe, and the government has to be willing to invest in cyber safety like they invest in physical security. The average annual cost of mobile incidents for enterprises, including data loss, damage to the brand, productivity loss and loss of customer trust, was USD $429,000. The average annual cost of mobile incidents for small businesses was USD $126,000 (Symantec Survey Jan 2012).
We cannot ignore the growing risks associated with the adoption of mobile applications to deliver digital government services. Along with the excitement of creating new, easy, innovative ways to connect to the world, we must not forget the risk. Cybersecurity, network security, and software security are all things that have to be remembered. Along with all the great things technology offers, there are those waiting to do harm with it.
Author Unknown. (2016). The mobile security issue that federal agencies cannot ignore. Improving security with mobile application lifecycle management. Accenture digital
Nicolas Tempestini. (2014). Accenture Federal Services. The Mobile Security Issue that Federal Agencies Cannot Ignore. https://www.accenture.com/us-en/~/media/Accenture/Conversion-Assets/DotCom/Documents/Global/PDF/Technology_6/Accenture-Mobile-Security-Issue-that-Federal-Agencies-Cannot-Ignore-2014.pdf
Subbu Sthanu. (2015). Mobile App Security: 4 Critical Issues. Dark Reading
Newsroom. (January 2012). Symantec news. https://www.symantec.com/about/newsroom