Mobile application security for Android and iOS doesn’t always receive the attention it deserves. As smartphones have become more affordable and internet access has improved, software development teams have been building more mobile applications. Mobile internet traffic today accounts for 61% of total web traffic in Asia and 57% of total web traffic in Africa. According to Statista, 48% of total web traffic globally is mobile internet traffic.
Mobile Application Security (Android/iOS) – An Overview
There is a level of trust that the ordinary user places in technology. They assume that it is difficult to be hacked and that viruses, malware, and other security issues are not prevalent. The truth is that mobile application security for Android and iOS should be a high priority. These platforms face the same threats as other platforms. Malicious actors still want to steal data, for financial gain or more esoteric purposes.
The Trustwave 2018 Global Security Report showed that the retail, finance and insurance, and hospitality industries suffered the most breach incidents. Trustwave found all web applications to be vulnerable, and that web attacks are becoming more targeted. Nearly half of global web traffic is via mobile, making it essential to deploy secure mobile applications.
Mobile Application Security (Android/iOS) – Attack Points
Malware creators use various points of attack for smartphone applications. These attack points include:
- Data storage areas: key stores, file systems, databases, config files;
- Binary attacks: reverse engineering, exploitation of vulnerabilities, embedding false credentials;
- Platform: function hooking, installing malware, developing botnets on smartphones, targeting specific architecture requirements of a platform.
Mobile Application Security (Android/iOS) – Advice for Developers
Mobile application development teams need to focus on security. It’s vital to understand the mobile platform and how the operating system (OS) functions. This allows developers to understand the possible threats to mobile application security and take action to prevent or minimize these threats. They should know how the code libraries for their application link to the OS itself and examine threats that emerge as part of that process.
Software development teams must be confident that they know the contents of the final compiled version of the application and how an attacker might read that compiled code. Mobile application security (Android or iOS) can be enhanced by fully understanding where every piece of data is stored (cache, database, configuration information), then examining how that data can be better secured against attack.
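As an added example (not Checkmarx code and not part of the original article), the storage inventory described above can be scripted: the sketch below walks an app data directory copied from a test device, sorts each file into database, cache or config, and flags sensitive-looking key names stored in plaintext. The directory layout, sample files and keyword list are constructed assumptions.

```python
import os, pathlib, re, tempfile

SQLITE_MAGIC = b"SQLite format 3\x00"  # 16-byte header of every SQLite file
SENSITIVE = re.compile(rb"(password|passwd|secret|token|api[_-]?key)", re.I)  # assumed keyword list

def classify(rel, head):
    """Map a file to the storage categories named in the text."""
    parts = rel.lower().split("/")
    if head.startswith(SQLITE_MAGIC):
        return "database"
    if "cache" in parts or "caches" in parts:  # Android cache/, iOS Library/Caches/
        return "cache"
    if head.startswith(b"bplist00") or rel.lower().endswith((".xml", ".plist", ".json")):
        return "config"
    return "other"

def inventory(root):
    """Walk an extracted app data directory; return (relpath, category, hits) rows."""
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read(1 << 20)  # scan only the first 1 MiB of each file
            hits = sorted({m.group(1).decode().lower() for m in SENSITIVE.finditer(data)})
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            rows.append((rel, classify(rel, data[:16]), hits))
    return sorted(rows)

def build_sample(root):
    """Constructed sample tree imitating an Android app sandbox (not real data)."""
    samples = {
        "shared_prefs/session.xml": b'<map><string name="auth_token">constructed-value</string></map>',
        "databases/app.db": SQLITE_MAGIC + b"\x10\x00" + b"CREATE TABLE users(name, password)",
        "cache/http/resp_01": b'{"items": [1, 2, 3]}',
        "files/notes.txt": b"shopping list",
    }
    for rel, content in samples.items():
        path = pathlib.Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return inventory(root)

if __name__ == "__main__":
    for rel, category, hits in demo():
        print(f"{category:9} {rel:26} {'REVIEW: ' + ', '.join(hits) if hits else 'ok'}")
```

Each flagged row is a candidate for moving the value into the platform key store or encrypting it at rest; a hit on a key name is a prompt for review, not proof that a secret is exposed.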
How can Checkmarx help with mobile application security? CxSAST analyzes iOS and Android app code and identifies flaws often missed in traditional testing environments. The product helps you track down areas that may be vulnerable to code injection, session fixation, and password inadequacy, among other issues. This fully automated process allows your developers to concentrate on fixing problems rather than finding them.