Black Hat 2015: 5 Takeaways on Mobile App Security


Android in Context

Android vulnerabilities abound, but everything should be taken in context.

Android's ecosystem is almost the polar opposite of Apple's, with its OEM and distribution partnerships, open-source code projects, and third-party tool vendors. Android's open strategy relies on the power of the community to drive toward a more secure and stable product.

While this may happen at some point in the distant future, for now this strategy means that a lot of responsible parties, including the user, are involved in ensuring apps and devices are secure. This can make for a nightmare scenario of coordination when it comes to educating and evaluating developers on secure coding best practices, organizing OEMs around rapid responses to security patching, and providing the proper set of tools and warnings to the user to ensure they are fully aware of any steps they take that may affect their security or privacy posture.

In the hacking session McCarthy attended, he was amazed at the speed and ease with which he was able to unwrap an app, analyze its manifest, run it in an emulator, execute his own code, and even rewrite code and repackage it for distribution. All of this provides incredibly meaningful insight for any smart and determined hacker to build a complete profile of the vulnerabilities available within an app, and within the OS itself.

There was a wide spectrum of experts – from hackers to security communities – at the annual Black Hat conference in Las Vegas, which concluded last week. The conference always provides a great perspective on the state of security today through technical briefings and hacking workshops, led by the premier minds in the field.

While Apple's and Android's models are working fairly well for the user communities they are targeting, it's clear that there continue to be significant vulnerabilities in enterprise mobile app development. Developing secure mobile apps that protect companies from external threats and ensure that data privacy, security and regulatory demands are met is not an easy task.

The plane of vulnerability across corporate data extends significantly as soon as you include mobile in your portfolio. One of the most critical threats to enterprises comes from within – the mishandling and misappropriation of sensitive corporate data by employees. While Apple and Android continue to provide valuable tools and processes to help with security, it is ultimately up to the designers and developers of the apps and supporting infrastructure to understand, appreciate and code to the security and compliance standards set forth by the community at large.

In this slideshow, Robert McCarthy, technical advisor at Mobiquity, outlines five takeaways from this year's Black Hat 2015, particularly focusing on the differences in Apple and Android's security models – and how you should address them.

