Android and iOS Security Best Practices

By -
Android and iOS Security Best Practices                                                                                              
Mobile operating systems have moved on from simply being smartphone-exclusive OS to a platform for music players and tablets as well. This makes them much more available for a wider user group. Operating systems such as iOS and Android are responsible for the maintenance of various images, videos, apps, documents, music, messages, schedules, calls and other personal information for improving efficiency. Due to this reason, mobile OS developers have created built-in options for configuration in order to protect the operating systems from various security loopholes. However, few of these actually begin to work from the time mobile devices are unboxed. Find out about some of the best practices for Android and iOS for preventing or mitigating loss of confidentiality, loss of data or unauthorized access.
Using native SSL libraries
A few 3rd party libraries come with HeartBleed and a number of other flaws, which can easily be exploited for bigger attacks. This is exactly the reason why native SSL libraries have to be used on the operating systems.
Using mutual SSL authentication
In order to get server connections validated, you should make use of mutual SSL authentication in all the mobile apps that you use. This will make sure that your apps only contacts the desired server and it is not redirected to some other malicious server.
Encrypt the app communication
You need to encrypt the communication data of your apps. It is important not to turn off the encryption in iOS9.
Pin the certificates
For mutual authentication and encrypted communications, you should pin the certificates. Do not depend on root certificates that are stored in the operating system, given that there can be addition of new roots – which can result in attacks from malicious users in the middle.
Avoid unreliable library downloads
You should avoid the use of precompiled 3rd party libraries, as you cannot be sure about what they can actually do. The 3rd party libraries could be graphics libraries, ad libraries or even encryption libraries. Never download libraries from any unreliable party.
Rely on inter-app communication                                                                                                          
You should just activate inter-app communication for the mobile apps you know to be safe, and allow apps to communicate with them. Make sure that all the inter-app communication is properly encrypted.
Never store unencrypted files
Avoid storing any file that is not encrypted. Make sure that all the encryption libraries are utilized completely. Never store any data in your app that can be personally identified, and which happens to be non-essential in form. Use proper encryption for the data that you store on the phone as well as the information that is in transit, with the help of VPN and other secure technologies. Another best practice for mobile security is to disallow the transmission of personal or sensitive data over a public hotspot of Wi-Fi, particularly one that is unsecured, without the use of a VPN or some other safe transmission option.
Avoid using APNS messages for confidential data
Avoid using APNS or SMS messages to send out sensitive data, which can easily be read by any individual having full access to your mobile phone – even when your device happens to be locked.
Use your app with care
Never store any password on your app. Take a long and hard look at any plug-in being used by your app. Such types of plug-ins frequently act as transmitters that introduce security flaws into mobile apps. While using iOS apps, you need to store credentials and secrets in the KeyChain. This can leverage the built-in security of the KeyChain. Never simply copy a list of permissions from any generic app. Declare only the permissions that you really need and utilize in the app.
Use codes from reliable vendors
You should use development tools and codes only from reliable vendors, and download core development tools and libraries from the actual download websites of Google or Apple only, such as Android store or iTunes app store. Never download them from any unofficial website. Otherwise, you may end up getting your app being infected by XcodeGhost or some other malware.
Use PIE during app compilation
When you are compiling the app, enable PIE (Position Independent Execution). This is essential for reducing the risks of malicious tools and apps accessing recognized memory locations in your mobile apps.
Embed API keys with care                                                                                                                      
Keep in mind that API can be utilized for accessing accounts or sensitive data on cloud services. Naturally, you should be extremely choosing when your embed API keys in your mobile app. One can copy API keys from any rooted or Jailbroken mobile phone. Make sure that all the access controls are imposed by the entry of some user credential or a password that is typed in by the user. This feature is not available in every app.
Check your app before release
Financial services apps need to add codes to check for rooted or Jailbroken phones. They should not let any transactions happen from any compromised mobile phone. Before the release of your app, you need to use Proofpoint Mobile Defense tools to evaluate your app and validate the behavior that it exhibits. Get the code reviewed by external parties, after your own team members have checked them out.
Have a privacy policy
Get a proper privacy policy in place, which describes accurately what your servers and app do with all the data. Have an in-house legal counsel review your privacy policy related to the app. The privacy policy should be published along with your app and related to your entry in the app store.
Use security patches to update your mobile operating system

 Have the mobile OS and all its apps completely up-to-date. OS for mobile devices such as Android or iOS provide users with regular updates, in order to resolve all the security flaws and various other threats related to mobile security. These also offer extra performance features and options as well as additional security to users. You have to turn automatic updates on for your mobile devices or manually update your apps and phones from time to time.


Other blogs by the author
55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 09 08 07 06 05 04 03 02 01 

Comments

Post a Comment

Popular posts from this blog

Internet of Things - MindMap

By -
Image
Internet of Things Definition Physical objects or "Things" as we call them, embedded with smart sensors with ability to be connected to the Internet becomes "Internet of Things" or IoT. The advantages of IoT is remote management of Physical Objects ("things") from anywhere. Below is a mindmap that gives a high level overview of Internet of Things. Article on Internet of Things submitted by: Praveen Kumar President & Co-Founder Nanite Solutions http://www.nanitesol.com Other blogs by the author 55   54   53   52   51   50   49   48   47   46   45   44   43   42   41   40   39   38   37   36   35   34   33   32   31   30   29   28   27   26   25   24   23   22   21   20   19   18   17   16   15   14   13   12   11   10   09   08   07   06   05   04   03   02   01  
Read more

Creating a Mobile Strategy: Find out the top 10 ways!

By -
Image
Creating a Mobile Strategy: Find out the top 10 ways!  For any company, it can be quite difficult to come up with a solid mobile strategy.  Regardless of the business size, there are plenty of things that need to be taken into consideration. There is great complexity, considering the number of people who have to be involved. It is impossible to expect any strategies to draw a mobile-specific plan, given that the needs and objectives of each business are different from the other.  For a mobile strategy to be successful at all levels, various things have to be considered.  Understand competitor strategy Your mobile strategy will be determined by your company strategy. You have to first understand the mission of your company, its goals, the existing market conditions and the biggest competitors. Other than this, you should also analyze the strengths and weaknesses for your company as well as the possible pitfalls and chances lying ahead. You need to let stakeholders from d
Read more

Trends in Cloud Computing for 2016 and Beyond

By -
Image
Trends in Cloud Computing for 2016 and Beyond Before 2015 has ended, Cloud strategy had been adopted by 82% organizations. This is a huge growth, when compared to 74% from 2014. By 2017, Cloud computing is anticipated to touch the 250USD billion mark. It is strange to think that Cloud computing was dismissed by industry experts as just another technological fad, which comes with tons of hype but little practical worth. However, the Cloud technology has truly arrived today and has been acknowledged widely by companies as well as analysts as a driving force for the modern IT scene. It is changing the way upgrades are dealt with, software packages are deployed and data centers are created. But where is Cloud computing heading? Check out some of the newest trends to be seen in this domain in 2016. Cloud Automation In 2015, Cloud technology got its business-level automation - which was driven by the intricacy of creation and management of cloud infrastructure surpassing the
Read more