South-East Asian countries (ASEAN) such as Malaysia, Singapore, Indonesia, and Thailand are currently experiencing rapid growth in mobile applications in terms of onboarding, digital transactions, and service delivery. Of late, South-East Asia has seen a surge of cybersecurity attacks on mobile applications across industries such as finance, government, and eCommerce. It has become important to enforce authentication, encrypt mobile communications, scan mobile apps for malware, prevent data leaks and protect application data on devices.
To further understand the importance of mobile security across Asia, we had a quick chat with Ms. Nicole Ban, Chief Operating Officer at SecIron, one of Asia’s leading mobile application security solutions providers. SecIron is focused on securing mobile experiences through innovation and development of mobile application security technologies that safeguard businesses and communities from cybercriminals and mobile threats. Through her website, she and her team aim to provide comprehensive end-to-end mobile application security solutions and to protect customers from potential future threats.
Nicole shares her viewpoint on mobile app security, a field that is currently witnessing incredible growth across Southeast Asia.
What is the importance of security for mobile apps?
Ms. Nicole Ban: I have been engaged in mobile application security for over 10 years across Asia, which included countries such as Japan, Taiwan, Hong Kong, India, and China. Recent developments since the start of the COVID pandemic have brought about incredible changes to how businesses, users, and governments interact and conduct in a more digitalized manner.
With the rapid development of the mobile Internet, mobile app security problems have become more and more prominent. It is reported that over 97% of mobile apps underwent security attacks, such as network penetration, malicious hijacking, personal privacy theft, reverse engineering and decompilation, code injection, browser hijacking, SMS hijacking, and the like. The security issue of mobile apps has become an urgent problem to be addressed. It is also a matter of great concern to the state, society, enterprises, institutions, and individuals.
Here I would like to mention that insecure data storage also affects more than 76% of the applications and it has become quite difficult to protect data from unauthorized access. Basically, the greater chances of data breaches with mobile applications are because hackers seldom need to physically access anything to steal the personal or sensitive information of the users and company.
Why do mobile apps suffer more security vulnerabilities than web platforms?
At present, the supervision of mobile apps is still in the short-term mobilized stage, and the available supervision methods are scant. As a result, problems such as content violations, unauthorized data collection, security vulnerabilities, and malicious behaviors are becoming increasingly serious. As for the PC Internet, the supervision mechanism is mature. For example, if you want to launch a website, you need to file with the regulatory agency and apply for an ISP certificate or ICP certificate. However, for mobile apps as the mainstream mobile portal, a unified filing management mechanism is still absent.
According to statistics from PwC, as early as 2014, Asian mobile Internet had seen explosive growth, with the annual transaction volume exceeding 7 trillion US dollars.
However, what accompanies the huge opportunities and benefits of the mobile Internet is huge risks.
When everyone puts their eyes on the high yield, they tend to ignore a big issue, that is, the security of mobile apps. Mobile apps suffer more security vulnerabilities than web platforms. This may be due to the following reasons.
1. Insufficient security development experience.
2. Low time and economic investment in application security.
3. Lack of application security developers.
4. Poor awareness of application security in developers and companies.
Will you please share some mobile application security tips so that the common users will be able to secure the mobile app from viruses and malware?
Yes, definitely I want to share some mobile security tips so that the users will be able to implement them to keep all their data safe.
Tip number 1:
This is for mobile app developers. Whenever you create any mobile application, it is very important to go through all the components on an individual basis and check out the security for each one. Moreover, you should also consider using network access control so that unfamiliar users are not able to send bulk traffic to the application and cannot put the security of the app in danger.
Tip number 2:
Automation is the way forward in mitigating potential threats to mobile applications. By reducing manual processes in vulnerability management and eliminating the human factor, companies can focus on security research. Automation is not a new concept in the cybersecurity industry. Automated vulnerability scanning has been available for over two decades. However, it was limited to static scanning. More recently, dynamic techniques have been used to enhance the level of automation in the assessment of application vulnerabilities. This allows for faster results, fewer false positives, and better detection of actual issues versus potential issues.
Tip number 3:
Mobile applications must be created by utilizing the complex coding options that become difficult for hackers to break into. Moreover, the applications should be designed in such a way that they store minimum information and use only the required data instead of collecting bulk information. By following these measures, businesses can protect their business from cyber-attacks and in the long run build a strong security system. Software updates must be completed with caution. A number of companies have been recently attacked because they ignored crucial software updates, which rendered them vulnerable to malware attacks. In order to prevent such incidents from happening, mobile applications should be updated only when required.
What kind of encryption do you think should be used in mobile apps?
It is no secret that mobile applications must be fully encrypted; however, I’d recommend the Advanced Encryption Standard (AES), which is the widely accepted encryption for mobile apps. Most people use Android phones and download applications on them, and recent studies have clearly revealed that Android is the most frequently attacked platform, so whenever someone downloads applications on Android, he or she must consider complete encryption and also apply some level of data ciphering.
There is not a single way to encrypt data; instead, there are hundreds of different ways of utilizing the feature of encryption and combining it with different algorithms. If you do not have any detailed knowledge on how to check the level of encryption and what kind of encryption is used for your mobile application, you should reach out to companies like ours, where our team of experts will guide you in detail and solve all the security-related issues.
The root of the problem is that most people do not even know the potential issues they can face when the information gets exposed through mobile applications such as banking applications. It is something all businesses, as well as customers, should consider. The good news is that nowadays various free tools or app security testing are available which will tell you the level of safety of the particular mobile application.
Why does the security of mobile applications need to be improved?
Relative to web platforms, the security of applications needs to be improved. The research on web security has lasted for a dozen years, but little attention was paid to application security until recent years. Accordingly, the experience in application security development is insufficient. Besides, many companies only care about the functionality of applications and ignore their security. So, they are unwilling to invest their human and financial resources in application security, leading to many security vulnerabilities.
The mobile Internet has the features of boundary ambiguity, operating system openness, and incredibility of mobile terminals. These features bring about many security challenges and threats to mobile applications when they are released on the Internet for operation, such as static cracking, dynamic attacks, data theft, business threats, performance reduction, and operation collapse.
Therefore, sufficient attention shall be paid to application security. To ensure app security, multi-layer security solutions are necessary. According to the nature of apps and the system platforms, multiple encryption methods may be used at the same time.
How does your platform SecIron provide security for the apps?
At SecIron, we solve top mobile app security issues such as insecure communication, lack of input validation, insecure data storage, poor encryption, content violations, application reverse engineering, unauthorized debugging, root device detection, hacking tools, and malicious behavior detection, and so on.
We understand that In-App protection is crucial to preserve and improve business reputation. When mobile applications are attacked, businesses observe irreversible consequences. This is because when the user data is stolen, the customers become over conscious about their security and privacy and leave the business. As a result, the businesses face a severe risk of regulatory compliance violations and bad publicity. If the business fails to overcome the vulnerabilities in the mobile applications and the attack lasts for a long time, it can cause irreparable damage to the business.
Our vision is to become Asia’s number one mobile app security provider and ensure the success of the businesses.
We are currently providing the services from two locations:
- Our headquarters based in Tokyo, Japan
- Our regional Southeast Asia branch located in Kuala Lumpur, Malaysia
We ensure the production of mobile applications from the invasions of hackers using cutting-edge security solutions and playing our part in making the online world a safer and secure place.
We mainly cover the mobile applications of the businesses such as:
- IoT Industry.
- Public Services.
- SaaS industry.
- Mobile gaming.
- Retail & eCommerce.
- Financial industry.
- Healthcare industry.
- Utility industry.
According to a survey, more than 75% of mobile applications will fail basic security tests. So we focus on the need for tracking mobile application security and the utilization of encryption technology. In this way, employees and customers can remain safe while downloading the mobile applications and using them by following a complete mobile application security checklist.