Mobile Application Security: Overview Of Practices To Plug Vulnerabilities – 2
A user with malicious intent can cause a lot of damage after gaining access to a mobile application. It is therefore necessary to ensure that the app itself does not make such activities easy for its users in any way. Below is a list of six scenarios in which attackers gain insights from the app itself or exploit inadequate security measures.
Risks of Allowing App Debugging Post Release
If an app is debuggable, a computer connected to the mobile device with a USB cable can communicate with the installed app. A person with malicious intent may exploit this.
Applications display error messages when invalid credentials are submitted. If these error messages provide hints about database values, they make an attacker’s work easy.
Using CAPTCHA During Authentication
It is easy to try all possible combinations of inputs and breach an application’s security using modern software tools. Using a CAPTCHA can be an effective solution for this.
Implementing Account Lockout Feature
Not restricting the number of login attempts allows attackers to try all possible inputs one by one and gain access. Barring access to the account after a certain number of unsuccessful login attempts can be a solution.
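A minimal server-side sketch of such a lockout, which also returns the same error message for unknown accounts and wrong passwords so that the message gives no hints about stored values. This is an added example, not code from the original article. The threshold, lock duration, messages, the `LoginGuard` class and the sample account store are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_FAILURES = 5            # assumed threshold; the article gives no number
LOCKOUT_SECONDS = 15 * 60   # assumed lock duration
GENERIC_ERROR = "Invalid username or password."
LOCKED_ERROR = "Too many failed attempts. Try again later."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account store: username -> (salt, password hash).
USERS = {"alice": (b"demo-salt", _hash("correct horse", b"demo-salt"))}

def check_password(username, password):
    # Hash even for unknown users so both cases take similar time.
    salt, stored = USERS.get(username, (b"no-such-user", b""))
    return hmac.compare_digest(_hash(password, salt), stored)

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # username -> consecutive failed attempts
        self._locked_until = {}  # username -> time at which the lock expires

    def is_locked(self, username):
        until = self._locked_until.get(username)
        if until is not None and self._clock() >= until:
            # Lock expired: clear it and start counting from zero again.
            del self._locked_until[username]
            self._failures.pop(username, None)
            until = None
        return until is not None

    def attempt(self, username, password):
        """Return (ok, message). Unknown names are counted like real ones,
        so neither message reveals whether an account exists."""
        if self.is_locked(username):
            return False, LOCKED_ERROR   # rejected even with the right password
        if check_password(username, password):
            self._failures.pop(username, None)   # success resets the counter
            return True, "OK"
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILURES:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
        return False, GENERIC_ERROR
```

The counters here live in process memory; a deployed service would keep them in shared storage so that the limit holds across server instances and restarts.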
Irrelevant App Permissions
Mobile applications often ask for permissions that are not required for functioning. In case the app gets affected by malware, more damage could be caused as the app would have access to more components.
Source Code Obfuscation
It is necessary to ensure that the app's source code does not get revealed. A person with malicious intent can make use of it, build a similar app, and rob users. Therefore, the source code should be obfuscated when releasing applications.