Apps are Replacing Websites as the Biggest Security Concern

There has been much and appropriate ado about the personal data leakage from Facebook. Although the data was actually siphoned from mobile apps, Facebook is still primarily viewed as a website in the eyes of most users.

It is probably good news for social media users that the breach at Facebook came from a mismanaged app strategy as it highlights the mobile app media category as a potential privacy risk.

While there is little talk of computer viruses running amok on our handheld phones, the idea that an app may be doing nefarious things with all of our contact and personal information on our phones is truly scary.

One technical arena where this happens is the lack of encryption. Specifically, when apps use the normal http protocol instead of the more secure https, they risk exposing data to any device that is positioned to intercept it.

Kaspersky Lab, the Russian anti-virus company found the problem rampant among computer dating apps. Those apps use common computer code libraries called SDK’s which are Software Development Kits.

Those SDK’s sometimes employ methods that are not totally secure. As a result, any software developed using those kits as the foundation for their software code can be as vulnerable as the SDK itself is.

The bad news is that everyone uses an SDK these days. The good news is that most SDK’s are actually more secure than customized code that is custom written, because it is extra work to ensure every new piece of code is written in a secure manner.

For apps with limited distribution, the exposure is also limited. But some apps have literally 10’s of millions of downloads. Those are the kinds of apps that risk exposure of lots of data really quickly.