• About Us
  • Contact
  • Careers
  • Send Us a Tip
Menu
  • About Us
  • Contact
  • Careers
  • Send Us a Tip
CyberNews logo
Newsletter
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
Menu
  • Home
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
CyberNews logo

Home » Editorial » Using source code protection to prevent hacks to your mobile apps

Using source code protection to prevent hacks to your mobile apps

by Adi Gaskell
15 October 2020
in Editorial
0
Hacker in front of computers
35
SHARES
I’m sure we’re all familiar with stories of popular websites being hacked, or of IT systems in airlines and banks coming under attack. We’re perhaps less familiar with the mobile apps that power our smartphones being compromised, yet it’s an increasingly popular target for attackers.

An accomplished hacker can compromise an app in a matter of minutes, thus gaining access to your database, your ERP, your intellectual property, or even your customers. It’s crucial, therefore, that app developers do all they can to ensure their software is safe and secure.

In an ideal world, apps would undergo an independent security audit before they’re launched onto the App Store or Google Play. This is especially important for apps that are dealing with extremely sensitive information, such as banking or government apps. It’s a process that should ideally start as early in the software development process as possible to ensure that security is considered from the start.

Secure development

Developers should also endeavor to follow application security guidelines that are already well established, such as Mobile Security Testing Guide, developed by Open Web Application Security Project (OWASP). The guide outlines a number of possible sources of attack, and urges developers to ensure that their particular app isn’t susceptible to attack along any of them.

Another key area of vulnerability is the very source code that powers the apps themselves.

Typically, when apps are shipped, the source code is released as plain text, which makes it easy for everyone to view, whether friend or foe. It’s a sufficient threat that it earned a mention in the ISO 27001 information security standard, with the standard highlighting that the source code needs to be adequately protected otherwise attackers have a strong means of compromising systems, often without detection.

Source code vulnerabilities bring a number of risks, not least of which is the ability for attackers to directly modify the code, change the system API, modify the contents of memory or manipulate the data and resources of the application. This would allow the hacker to change the intended use of the app.

Perhaps even more dangerously, access to the source code makes it much easier for hackers to create an army of copycats in the hope that they fool users into installing it for phishing purposes.

Keeping code safe

To battle against this, it’s important that developers implement robust source code protection methods that obfuscate the source code to make cloning and reverse-engineering apps that much harder. These methods should also enable runtime defenses that thwart any copycats and lock any potential attackers out.

The following are a number of the most common methods used to keep source code safe from attacks:

  • Encryption – For apps, the source code is often the most valuable thing, especially on the programming side of things. As such, it is sensible to explore options to encrypt the key bits of data when they’re both in transit and also at rest. This will play a major role in keeping your code secure.
  • Monitoring – Developers should also strive to keep a constant watch over their data, with alerts setup to notify them of any suspicious activity. As with so many problems in life, early detection allows for easier and more effective remedial actions, while also providing insights to bolster defences in future.
  • Access restriction – Restricting access to the source code is obviously one of the more straightforward means of defence. While this might not be possible once the app is published, within your organization, access should be limited purely to those members with hands-on roles. Even among these employees, two-factor authentication should be deployed to ensure only the right people have access to your code.
  • Copyright – Copyright law is one of the better ways of protecting your source code, and it’s sensible to treat your code the way you would with any other part of your intellectual property. This might even include issuing patents to ensure you’re fully protected by the weight of the law.

While each of these approaches may be valuable in isolation, it’s often best to utilize as many of them as you can to ensure that you have all of your bases covered. After all, as far as your source code is concerned, it’s rare that you can ever have too much protection.

Mobile apps are an increasingly important part of our lives, and provide an intersection between the public and vital services. Valuable as these applications are to users, so too are they a tantalizing target for attackers keen to get their hands on such a treasure trove of data. As such, it’s vital that developers do all they can to ensure that their source code is as safe as possible.

Share35TweetShareShare

Related Posts

NSFW: tech support workers share their oddest job experiences

NSFW: tech support workers share their oddest job experiences

15 January 2021

These researchers create mouth-watering (but fake) pizza images. Why?

15 January 2021
Here’s why you should leave WhatsApp for Signal, not Telegram

Here’s why you should leave WhatsApp for Signal, not Telegram

13 January 2021

Bonnie Butlin: women in cybersecurity are often working without much recognition

13 January 2021
Next Post
Social media app Panion leaks user data

Social media app leaks data of 172,000 users, including location coordinates

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Popular News

  • 70TB of Parler users’ messages, videos, and posts leaked by security researchers

    70TB of Parler users’ messages, videos, and posts leaked by security researchers

    81962 shares
    Share 81952 Tweet 0
  • Tutanota vs. ProtonMail: which is the better secure email service?

    0 shares
    Share 0 Tweet 0
  • 1 million highly sensitive NSFW pictures leaked by Korean teen dating app

    59 shares
    Share 59 Tweet 0
  • Bitwarden Review

    0 shares
    Share 0 Tweet 0
  • The ultimate guide to safe and anonymous online payment methods in 2021

    13 shares
    Share 13 Tweet 0
NSFW: tech support workers share their oddest job experiences

NSFW: tech support workers share their oddest job experiences

15 January 2021
This fake TikTok service promises free followers but gives you free malware instead

This fake TikTok service promises free followers but gives you free malware instead

15 January 2021

These researchers create mouth-watering (but fake) pizza images. Why?

15 January 2021
Telegram app on mobile

Watch out: there’s a new Telegram scam about

15 January 2021
Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

Samsung launches new flagship Galaxy S smartphone early, targets remote workers, gamers

15 January 2021
An unintended consequence: can deepfakes kill video evidence?

An unintended consequence: can deepfakes kill video evidence?

14 January 2021
Newsletter

Subscribe for security tips and CyberNews updates.

Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Categories
  • News
  • Editorial
  • Security
  • Privacy
  • Resources
  • VPNs
  • Password Managers
  • Secure Email Providers
  • Antivirus Software Reviews
Tools
  • Personal data leak checker
  • Strong password generator
About Us

We aim to provide you with the latest tech news, product reviews, and analysis that should guide you through the ever-expanding land of technology.

Careers

We are hiring.

  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.

Home

News

Editorial

Security

Privacy

Resources

  • In the News
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.

Subscribe for Security Tips and CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!