As the year and decade come to a close, it’s a good time to start thinking about what the upcoming months and years are likely to hold when it comes to appsec. Mobile applications continue to be at the heart of many businesses’ strategies, and security vulnerabilities continue to escalate. Below, we’ll share five predictions for mobile app security in 2020, along with recommendations from our appsec experts on how to best prepare your organization.
Research has shown many consumers are wary of using mobile banking applications due to security and privacy concerns. They are interested in the convenience and timeliness these apps can offer, but they want to know that their data will be protected, especially given the near-constant headlines about security breaches. Interestingly enough, more consumers are open to mobile payments apps. Currently, it is predicted that 2020 will be the first year that more than 1 billion people worldwide will use a mobile payment app to pay in-store at least every six months.
Yet as a recent Guardsquare report found, less than half of global mobile financial apps are using any type of code obfuscation currently—leaving them wide open to hacking. Without sufficient security upgrades, the continued growth of mobile payments and financial apps will lead to more hacks and breaches in 2020.
That said, it’s not too late for banks, mobile payment providers, and other developers of mobile financial applications to embrace better appsec practices for the coming year. Proper mobile application security, including both code hardening and runtime application self-protection (RASP), can prevent reverse engineering, fraudulent app clones, sensitive data loss, IP theft, and other potential negative outcomes.
Learn more about Security for Mobile Financial Applications and how we can help protect your customer data with our state-of-the-art security.
However, many developers using Kotlin do not fully understand security best practices, including how to protect Kotlin code against OWASP's well-known Mobile Top 10 risks, as explained in-depth here.
In 2020, developers must take steps to educate themselves about Kotlin security and to better protect their apps written using Kotlin. As with any other Java-based language, apps written using Kotlin must be protected against both static and dynamic attacks using a combination of code hardening and RASP.
Fake mobile apps are Android or iOS applications that mimic the look and/or functionality of legitimate applications to trick unsuspecting users into installing them. Once downloaded and installed, the applications can perform a variety of malicious actions. Developers need to understand how fake apps threaten their brand reputation and consumer trust and take steps to prevent them, including:
You can learn more about this pernicious challenge here. On the positive side, we anticipate that more and more organizations will see mobile as an opportunity to manage and protect their reputation by embracing mobile app security.
Did you know that every iOS version has eventually been jailbroken? In fact, a recent permanent jailbreak was discovered that highlights the reality that iOS apps are not perfectly secure. Many app developers still believe iOS apps are virtually immune to reverse engineering and don’t need any protection, but this just isn’t true.
We believe that 2020 will be the year more developers open their eyes to the reality that iOS is not immune to hacking and begin to better protect their applications. To learn more about this reality, check out our blog post: 3 Misconceptions About iOS Security.
Recent international mobile banking and financial services app regulations in Turkey and Singapore are paving the way for tighter app security policies. While these regulations are primarily intended to safeguard consumers and their sensitive financial data, in the process, they will protect app publishers from the unintended consequences of mobile application hacking and misuse.
Whether a business is beholden to these specific regulations or not, we expect them to spread globally over the coming year and decade. How to respond? Luckily, application shielding is a measure organizations can easily implement to remain compliant, as well as more generally keep sensitive logic and data protected from misuse. Application shielding makes an app more resistant to common intrusion techniques, including reverse-engineering and tampering.
What are your predictions for mobile apps and appsec in 2020?