Mobile App Security and Privacy Analysis
By some estimates, the worldwide mobile industry is well on its way to achieving 44 billion cumulative downloads of mobile apps by 2016. CISOs and security professionals are taking note of the increasing popularity of smartphones and tablets and the proliferation of customer-facing and corporate-oriented mobile apps. As these apps start to access sensitive data and transact business-critical operations, questions about their inherent security and privacy posture need to be answered. While a mobile workforce stands to enhance productivity, it should not come at the expense of security and privacy. Veracode’s Mobile App Security and Privacy Analysis service helps customers learn about the security risks and potential privacy violations of internally developed and third-party mobile applications.
Veracode supports the following mobile platforms for static binary scanning: iOS, Android, Windows Mobile, and BlackBerry.
Mobile Security Issues: A Multi-tiered Challenge
Mobile applications may have several types of security risk: language-inherent risk, based on common security flaws in the language; malicious data exfiltration, in which sensitive data is surreptitiously transmitted from the phone; and platform-specific risk, based on specific vulnerabilities inherent in the mobile platform. Some examples of the types of language-related and other flaws that Veracode’s automated service discovers for mobile apps are discussed below.