Beware: The security crisis behind mobile apps!

Source: Internet
Author: User

This is the mobile era. It is a good time, and it is a time when people do not trust.
I believe everyone has the same question when installing apps on a mobile device: why does this app have to read my contacts, get my location, read my text messages, control my camera? The doubts about mobile applications could fill a book of "100,000 whys". And here is a further question: what if the app does not work unless it reads this information? What actually hides behind all this is the security crisis that mobile apps are facing: mobile malicious threats.
According to statistics, as of June 2014 the number of internet users in China had reached 632 million, and mobile phone users numbered more than 527 million; for the first time, the proportion of internet users going online by mobile phone exceeded the proportion going online by computer. At the same time, the number of malicious mobile apps is also growing. It exceeded 2 million in the first quarter of 2014 and is expected to exceed 3 million by the end of the year; compared with the 350,000 malicious apps of 2012, that is an increase of more than 8 times.
The considerable number of mobile phone users has driven the prosperity of mobile applications, and the rich variety of applications leaves users dazzled by the choice. But while users enjoy the convenience and fun of mobile applications, malicious attackers have also found things to exploit: users' mobile phone charges, online banking linked to the phone, the phone's unprotected access to the enterprise's internal network ...

In May 2014, the security company Praetorian studied the mobile banking clients of more than 150 U.S. banks and released the survey report "Mobile Banking Security: Building and Maintaining Secure Mobile Apps". The report concludes that 80% of mobile banking clients in the United States carry high transaction risk.
The mobile banking risk analysis report draws on a rich sample: the 50 largest banks in the United States (top megabanks), such as Bank of America, Deutsche Bank, American Express, Citibank and JPMorgan Chase; the 50 largest regional banks in the United States, such as Silicon Valley Bank and Bank of Hawaii; and the 50 largest credit unions in the United States, such as Navy Federal Credit Union. As the survey report shows, more than 80% of America's 50 largest megabanks, 50 largest regional banks and 50 largest credit unions face huge security risks in mobile banking. Banking is the industry that attaches the highest importance to security and is the most willing to use the latest security technology to protect its systems. Yet even in this industry, most of the strongest companies still have security risks in mobile banking, which shows how severe the mobile security problem is.
Figure: Mobile security risks for financial institutions (Android mobile phones)
In Gartner's 2014 summary of information security trends, mobile malicious code mainly takes the form of SMS Trojans, followed by backdoor programs. In addition, all malicious code attacks on mobile devices require user interaction. In other words, before a malicious mobile application can do harm, it first needs to get the user's "consent". So these malicious applications generally disguise themselves as various text messages to lure people into the trap, such as the "XX artifact" that spread "very successfully" for a while. Many very popular mobile applications are also targeted by malicious attackers, who may secretly load malicious code into these applications or may deceive users by impersonating them directly.
Mobile applications currently face 10 major security risks:
1. Weak server-side controls
2. Insecure data storage
3. Insufficient transport layer protection
4. Unintended data leakage
5. Weak authorization and authentication
6. Broken cryptography
7. Client-side injection
8. Security decisions via untrusted inputs
9. Improper session handling
10. Lack of binary protections
For application security in general, there are newer security products such as web application firewalls and NGFWs to help users establish a strong line of defense. On the mobile side, however, effective security protection products are lacking, so the security protection system is very fragile. This is tantamount to fitting the application system with a fragile glass door: malicious attackers can break in at any time and from any place and easily enter the application system, for example entering an online banking system to steal users' money, or entering an enterprise business system to steal confidential data.
In fact, these are just the tip of the iceberg of the security crisis behind mobile apps. Mobile apps now face a security gap in both products and awareness, and malicious attackers will take advantage of this period to launch more attacks. At this point we need to consider how to build a solid mobile security protection system; mobile application security has become a priority. Among the security crises behind mobile applications, the security of the application's DEX source files is the most important, so encrypting and protecting the DEX source is necessary. The ijiami ("love encryption") platform offers this, with different encryption protection schemes for different types of applications; details can be found here: http://www.ijiami.cn/appprotect_mobile_games
