A day in the life of a Mobile App User
From the time we wake up in the morning until the time we go to bed, the amount of data our smartphones collect is enormous, making us vulnerable and putting us in danger.
It’s 6:30 am. Rather than using the smartphone’s clock, we use our preferred radio station’s app so we can be woken up by our favourite personalities and tunes.
An hour later, we jump into the car and fire up navigation software so we can find the quickest route to the first meeting of the day. Along the way, there’s some traffic so we use the navigation app’s tool for providing crowd-sourced traffic information. We arrive at the destination a few minutes early – just enough time to check in to the nearby cafe to grab a cup of coffee before rushing into the meeting.
As it turns out, the meeting isn’t too interesting so we pretend to be attending to a really important text message. Instead, we log into web banking, check the account balance and then launch the app for our power company to pay the bill. The app is really cool – we can see how much power is used every half hour and can track when the kids fired up the Xbox when they should have been doing their homework.
The meeting ends and we check the calendar on the smartphone. There’s a short break so we head into the office, using the navigation app again. Interestingly, according to the app, we made the trip a few minutes faster than last week.
We arrive at the office, check into the company’s collaboration and instant messaging portal and start working on a new client proposal as well as tweaking some details on a new supplier contract.
Lunchtime comes so we head to the local deli, check in on Facebook and grab a table. With the data allowance on the phone running low, we use the free Wi-Fi to check a few emails and message the team that we’ll be out of the office for the next hour. Thankfully, after about ten minutes, we remember that memo from the IT department about using a VPN when connected to public Wi-Fi so we do that, confident that nothing bad could have happened in the last ten minutes.
Then it’s a walk back to the office – that’s another 1200 steps to add to the day’s total according to the fitness tracker on our wrist – and back to work for the rest of the day, before driving home.
Why Data matters – a lot
Over the course of the day, that person’s smartphone collected and had access to a vast swathe of data – everything from personal habits, to driving routes, through to sensitive corporate information. Almost every action taken left some sort of digital fingerprint or shared some data. And we don’t even scratch the surface of connected home devices. Just this month, it was revealed that Hangzhou Xiongmai Technology, a company that makes security cameras that are rebranded by hundreds of other companies, has a significant vulnerability that means all the cameras they have on the market are vulnerable to illicit listening in and spying.
Every app we use has the potential to reveal something that could be of value to a malicious third party. For example, the time we leave home, the routes we take and where we go can be used by thieves so they know when our homes might be most vulnerable. Our electricity usage patterns, in the wrong hands, can provide insights into when we are away. And a vulnerable application could make credit card and other payment information vulnerable.
While user education can go a long way to reducing the risk of data leakage, we saw from this user’s day that mistakes can be made. Those few minutes connected to the public Wi-Fi at the cafe, before the VPN was enabled, could give an opportunistic thief, perhaps using a spoofed access point, access to valuable information. What we want are systems that are secure regardless of what users do. We want to create systems that make security seamless and invisible and not dependent on specific steps.
That means having security by design rather than bolting it on as an afterthought.
Embed security in apps and services
When using corporate applications or accessing sensitive information, the goal is to create a working environment that is secure by design. Software is created by humans and that means errors are possible. But the right tools and frameworks minimise the risks of those mistakes being severe. Tools like Quixxi Security assess applications and point out potential vulnerabilities using penetration testing, and encrypt apps so they can’t be tampered with and the data they handle can’t be read even if it is intercepted.
In other words, the environment your apps work in is secured by design so your critical data is protected even if the application has an issue.
If an application has a detected vulnerability, Quixxi Control can deliver patches and real-time code changes to specific groups of people or devices, or individuals. That provides peace of mind.
People use their smartphones more than ever before and are often barely aware that they are doing so. Every app they use accesses some sort of data, potentially shares it with other apps and connects to the internet. By creating a secure operating environment that can be rapidly and easily fixed if an issue is detected, the risk of unauthorised data loss can be minimised.
Quixxi Automated Vulnerability Assessment provides a detailed analysis of your app from a security perspective, reporting each detected vulnerability with a description, an explanation of the risks associated with it and recommendations for fixing the vulnerability. Quixxi Shield provides codeless protection against hackers looking to clone, tamper with, inject malicious code into and – in general – exploit your mobile app. Quixxi Supervise rounds out the Shield action by enabling you to enforce your licensing model. The Quixxi Licensing SDK lists all the illegal users – forbidding them to use your app – and lets you send them push notifications to implement a conversion policy. Analytics SDK will provide your users insights and custom events to follow up and understand the app dynamics after it gets published. Diagnostics will help you fix your app by taking details and debug files directly from the user who experienced the issue.