Black Hat 2015: 5 Takeaways on Mobile App Security

    Apple's Push for Competitive Functionality

    However, Apple's push for competitive functionality may open vulnerabilities in the near future.

    As demand for new features and services continues to grow, Apple has had to make some concessions to its super-strict security model, and this may open up new opportunities for exploitation in the near future. For example, to solve the problem of inter-app communication - something Android does really well - Apple had to add "App Extensions" to its latest release. This opens up a vulnerability similar to that of Android's "Intents," which act as declarations of how, and with what information, apps are able to communicate and share data.

    Intents have been implicated in a number of Android vulnerabilities, and this may eventually prove to be the case with Apple's App Extensions. At the very least, these extensions will add more strain, and likely more latency, to an already onerous approval process for Apple apps.

A wide spectrum of experts – from hackers to security communities – attended the annual Black Hat conference in Las Vegas, which concluded last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops led by the premier minds in the field.

While Apple and Android's models are working fairly well for the user communities they are targeting, it's clear that there continue to be significant vulnerabilities in enterprise mobile app development. Developing secure mobile apps that protect companies from external threats and ensure that data privacy, security and regulatory demands are met is not an easy task.

The attack surface for corporate data expands significantly as soon as you include mobile in your portfolio. One of the most critical threats to enterprises comes from within – the mishandling and misappropriation of sensitive corporate data by employees. While Apple and Android continue to provide valuable tools and processes to help with security, it is ultimately up to the designers and developers of the apps and supporting infrastructure to understand, appreciate and code to the security and compliance standards set forth by the community at large.

In this slideshow, Robert McCarthy, technical advisor at Mobiquity, outlines five takeaways from Black Hat 2015, focusing particularly on the differences between Apple's and Android's security models – and how you should address them.