Mobile technology has been the next big innovation driving tremendous benefit and value in the IT space after the web. Every business is trying to put this smart solution at users' fingertips for deeper reach. The disruption has been huge in every domain, from banking and retail to the health sector. But as these solutions arrive on smart mobile devices, the current IT world is rarely bothered about the amount of private data stored and shared on mobile phones.
On top of that, barely any of the innovating agencies are thinking about the security of the personal and private data that now resides on mobile devices. The trend is much the same as in the early days of the dot-com boom, when solutions focused on experience, engagement and adoption, and very little on security breaches.
Going through the statistics available on the internet, a 2016 report on app security from a leading institution in IT security says that 90% of apps had major security vulnerabilities. More concerning, the survey found that even consumers in this space fail to realise these apps are not safe, which means awareness of mobile application security is very low at the end-user level.
Even so, security-critical tech organisations are extending their conventional web security frameworks to mobile. OWASP (Open Web Application Security Project), a non-profit organisation, took up the responsibility of differentiating and standardising security risks for the mobile channel.
OWASP research has produced the top ten mobile risks stated below:
- M1: Weak Server Side Controls
- M2: Insecure Data Storage
- M3: Insufficient Transport Layer Protection
- M4: Unintended Data Leakage
- M5: Poor Authorization and Authentication
- M6: Broken Cryptography
- M7: Client Side Injection
- M8: Security Decisions Via Untrusted Inputs
- M9: Improper Session Handling
- M10: Lack of Binary Protections
Even though every risk stated above is important for security, I would like to focus on the top three, which have lower awareness despite being crucial for security, and finally on the 10th, binary protection, extending it to defensive programming.