Are Startups Taking App Security Into Consideration?
App security is a major concern for a number of users. With the news of hacks and malware becoming more common on the internet, it’s not uncommon for the average smartphone user to wonder whether or not he or she is actually safe online.
Some are beginning to take a closer look at the user’s permissions that are displayed each time they download a new app while others are reading reviews before downloading. Because of the potential threats to customers’ security, some developers are trying to improve app security to provide a better experience for their users.
A couple apps released within the past year or so have features that can be used in an effort to keep users safe, but are all apps taking security into consideration?
Apple and Samsung’s foray into the world of digital payment has sent up red flags in the community. Users are happy to have a fancy way to pay for their coffee but are concerned about how safe their payment methods are compared to traditional means.
Fortunately for everyone involved, both companies have taken steps to ensure security. To begin with, both Samsung Pay and Apple Pay require the user to input their password or pin each and every time they open the app. Making a payment requires additional user input. Additionally, the range on the near-field scanning technology is limited enough to reduce the likelihood of hackers intercepting payment information. In some cases that range can be a nuisance because your device needs to be practically touching the credit machine.
Banking and Financial Apps
In the past, many apps, particularly those on the social media spectrum, left users logged in at all times so long as they didn’t lose internet connection. These apps run in the background out of convenience sake. They are also at high risk for infiltration, either directly through physical interfacing or indirectly via malware and hacking.
But apps, particularly those used by financial institutions, are moving away from always being logged in and going more toward temporary on-demand style logins. For instance, closing the Bank of America app immediately logs the user out, even if the app is reopened just seconds later. Other apps will time users out to ensure their information remains protected.
In the meantime, apps that help make logging in safer and more secure also are becoming increasingly popular.
The Growth of VPNs
As the internet becomes increasingly laden with criminal syndicates and freelance hackers, more and more devices are beginning to integrate support for Virtual Private Networks (VPNs). As a result, numerous VPN companies have sprouted up to meet the demand.
In case you’re unfamiliar with what a VPN does, think of it as an internet encryption service. All data sent and received channel through a remote server where it is encrypted and anonymously sent back and forth to the user and the user’s destinations. Secure Thoughts has some additional information available about the specifics.
Other factors have also contributed to an increase in VPN prominence, such as geographic restrictions on content and the desire to remain invisible to authority figures in countries with less online freedom. Either way, their availability makes all other online apps safer.
When it comes to online app security, there are countless suggestions available that involve improving passwords. Using different letter and number combinations only takes one so far; passwords can still be stolen by means of malware, particularly the keylogging variety.
Fortunately, a number of services are now offering a second form of password required to log in to services. Blizzard Entertainment, for instance, uses an “authenticator” service whereby users first enter their password when logging into a game or service and are then prompted for a code generated by a second device for a limited window of time. The authenticator is typically either a device specifically for that purpose (literally an authenticator) or an app designed to fulfill the same purpose.
Blizzard isn’t alone in this sort of authentication. Other services use text messages to send one-time codes to users to verify their identity. This is a big step up from answering secret questions or providing the last four digits of a social security number; both items can be stolen, whereas an authenticator is much less likely to be compromised.
While in theory putting all your eggs in one basket sounds like a major risk, app creators have found that using a unified account that is well protected to sync user data is actually beneficial. This is especially true for users with important data that could be lost in the event of device damage or theft.
By syncing data to a digital account, users are protected from everyday accidents and woes. That doesn’t mean they’re protected from hackers or thieves, but security improvements on the digital end regarding encryption and better login requirements have helped alleviate some concerns.
On the other hand, there are those that have not bothered to help improve app security with linked accounts. The multitude of websites that allow a user to log in simply using Facebook actually decreases security. That’s largely because a Facebook account (or Twitter for that matter) is anything but private.
The Sharing Menace
At the opposite end of the spectrum, we have the huge push toward making absolutely everything you do public information. Except for some of the aforementioned types of apps (financial, authentication, etc.), most apps actually go out of their way to integrate some form of social media connection into their layouts.
In most cases that simply means a “share” button, but in some cases apps may even report the user’s location along with what they were doing and exactly when. This type of information can easily be used to track and profile someone’s activities. The more sinister users of the internet aren’t above harvesting public data to commit crimes either.
Most users consider it a benefit to be able to stay connected with their friends and family in everything they do, but in terms of security, that couldn’t be further from the truth.
Improvements from Google
One last detail worth noting is the big change in Google’s most recent release. As of Android 6.0.1, users finally have the opportunity to assign permissions to apps individually. In the past, there was simply a warning about what permissions an app required to run and the user could either take it or leave it.
This change was likely made to keep pace with Apple, as iOS has had this feature for quite some time. Whatever the reasoning might be, it makes Android a safer OS for everyone using it.
Do you think developers are taking app security seriously? Tell us what you think in the comments section.
About the Author: Cassie is a specialist in personal internet security, especially as it pertains to apps. When she’s not writing about app security, she’s blogging on CultureCoverage.com about popular culture and recent trends.