
Securing Native Applications


Abstract

This paper examines methods of securing native mobile applications and the threats they are likely to face as technology advances. Any kind of software, from desktop to mobile applications, is believed to have defects that can lead to vulnerabilities. These weaknesses, when exploited, may threaten the integrity, confidentiality, and availability of the software. However, security auditing strategies can reduce these risks to some degree. With the rapid growth of mobile applications for day-to-day activities such as checking email, social networks, and news and managing bank accounts, ensuring a satisfactory level of application security becomes essential for the use of, and reliance on, mobile services. This research identifies analysis factors that can help everyday mobile application users identify mobile risks, as well as a possible methodology for security auditing of mobile software applications. Advances in information technology and applications have increased access to sensitive information such as the device's International Mobile Equipment Identity (IMEI) number, credit and debit card information, location information, and login credentials; hence the need to secure vulnerable applications from unauthorized access.

Introduction

Mobile application development on various platforms is based on functional and non-functional requirements. Different types of platforms exist for deploying mobile applications, each with distinct privacy policies (Jing, Ahn, Zhao & Hu, 2014). This paper highlights mobile application security for native apps such as navigation programs and social media (for instance, Waze and Twitter respectively) and the methodologies that help reduce these security threats.

Analysis Blocks to Identify Mobile Risks

Several risks can be identified according to where faults are frequently found and how they can be surfaced during an application security audit. These risks are associated with factors such as attack vectors, threat agents, weaknesses, technical impact, and business impact. For example, weak server-side controls concerns threats from third-party components such as the back-end servers necessary for most mobile applications (Jing, Ahn, Zhao & Hu, 2014). This threat includes insecure server configuration, authentication errors, session management flaws, and access control weaknesses. Insecure data storage concerns the risks created by weaknesses in data storage on the mobile device, which can lead to information leakage. Inadequate transport layer protection covers vulnerabilities such as unencrypted transport layer communications, the use of weak cryptographic algorithms, and the acceptance of invalid credentials (Zhang, Xu, Meng & Zheng, 2018). Unintended data leakage covers unidentified potential vulnerabilities in the operating system's handling of data.

Poor authorization and authentication covers risks linked to unsafe authentication assumptions, such as the assumption that only legitimate users can send requests to the system, so that no further confirmation of the user is needed, as well as weak authentication protocols. Broken cryptography entails the incorrect use of encryption and decryption routines or the use of weak cryptographic algorithms, while client-side injection covers the threat of failing to validate user input and failing to prevent code injection (Zhang, Xu, Meng & Zheng, 2018). Another block is security decisions via untrusted inputs, which groups the threats linked with accepting any form of input source; this usually happens with Inter-Process Communication (IPC) mechanisms (Jing, Ahn, Zhao & Hu, 2014). Improper session handling groups the flaws that lead to faults in handling user sessions, whereas lack of binary protection is recognized as the threat of using untrusted sources to deploy the mobile application code.

Methods of securing mobile applications

Users can keep their applications and sensitive data secure with strategies such as writing secure code. Bugs and faults in code are the starting point most attackers use to break into an application by reverse engineering it (Zhang, Xu, Meng & Zheng, 2018). Users also need to design their code so that it is easy to update and patch, test it repeatedly, and fix bugs when they are exposed. Data encryption is another measure mobile application users need to adopt to prevent access to sensitive information such as emails (Skovoroda & Gamayunov, 2015). The use of authorized APIs can also reduce the risks associated with mobile applications. For instance, APIs that are not authorized and are loosely coded can unintentionally grant attackers privileges that can be seriously misused. The use of high-level authentication can likewise reduce access to sensitive data and cases of security breaches (Zhang, Xu, Meng & Zheng, 2018). For instance, setting applications to accept only strong alphanumeric passwords is essential, and this needs to be reviewed periodically, every 3-6 months. A common instance is multi-factor authentication, which combines a static password with a changing one-time password (OTP). Tamper-detection technologies alert the user when the code is tampered with, while proper session handling uses tokens rather than device identifiers to recognize sessions (Zhang, Xu, Meng & Zheng, 2018). The use of effective cryptographic techniques and tools for the management of mobile applications is also essential in securing native apps.
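
To illustrate the last point, recognizing sessions by tokens rather than by device identifiers, the following server-side sketch is an added example and is not taken from the paper or its sources. The names SessionStore and weak_session_id, the 15-minute lifetime, and the sample device identifier are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 15 * 60  # seconds; assumed lifetime for this example


class SessionStore:
    """Server-side sessions keyed by random tokens, not by device identifiers."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (user, expiry time)

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked session table does not expose live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        # A fresh 256-bit value from the OS CSPRNG for every login.
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user, self._clock() + self._ttl)
        return token

    def lookup(self, token):
        key = self._digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        user, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[key]  # expired sessions are dropped on first use
            return None
        return user

    def logout(self, token):
        # Revocation is possible because the token is not tied to the hardware.
        self._sessions.pop(self._digest(token), None)


def weak_session_id(device_id):
    """Anti-pattern: the session key is a fixed function of the device
    identifier, so it never changes, cannot be revoked, and is known to
    every app or party that can read the identifier."""
    return hashlib.sha256(device_id.encode()).hexdigest()


SAMPLE_DEVICE_ID = "000000000000000"  # constructed placeholder, not a real IMEI
```

A token-based session can be expired or revoked on logout without touching the device, whereas the identifier-derived value stays the same for the life of the handset.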

Conclusion

Overall, mobile applications face risks that can be identified and avoided only if users adopt effective ways of dealing with the faults. Proper session handling, the use of the best cryptographic methods, high-level verification, and the use of authorized APIs may help secure those apps effectively. Thus, users need to take precautions before installing or using apps, or accessing servers, from their mobile phones, and developers need to ensure that these apps cannot be compromised in the future once they are sold.

References

Jing, Y., Ahn, G. J., Zhao, Z., & Hu, H. (2014). Towards automated risk assessment and mitigation of mobile applications. IEEE Transactions on Dependable and Secure Computing, 12(5), 571-584.

Skovoroda, A., & Gamayunov, D. (2015). Securing mobile devices: malware mitigation methods. JoWUA, 6(2), 78-97.

Zhang, N., Xu, G., Meng, G., & Zheng, X. (2018, November). SoProtector: Securing Native C/C++ Libraries for Mobile Applications. In International Conference on Algorithms and Architectures for Parallel Processing (pp. 417-431). Springer, Cham.