{"id":255,"date":"2015-01-21T02:30:23","date_gmt":"2015-01-21T02:30:23","guid":{"rendered":"http:\/\/outworx.com\/blog\/?p=255"},"modified":"2015-01-21T02:30:23","modified_gmt":"2015-01-21T02:30:23","slug":"challenge-mobile-app-security","status":"publish","type":"post","link":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/","title":{"rendered":"The Challenge of Mobile App Security"},"content":{"rendered":"<p>For years,\u00a0<a href=\"https:\/\/www.owasp.org\">OWASP<\/a>\u00a0has published a Top Ten list of web application vulnerabilities. \u00a0The list is a good place to start for organizations looking to improve the security of their applications.<\/p>\n<p>With the rise of mobile, OWASP now publishes a\u00a0<a href=\"https:\/\/www.owasp.org\/index.php\/Projects\/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks\">Mobile Top Ten Risks<\/a>. \u00a0Compared to the more familiar web app vulnerability list, the mobile list has some striking features. \u00a0A mobile app has all the security requirements of a web app. \u00a0But special new measures are also needed to protect the mobile app. \u00a0Using these new measures properly requires a very high degree of expertise from mobile developers.<\/p>\n<p>The new security requirements are needed because of differences in the execution environments of web apps and mobile apps. \u00a0Web apps execute in <em>trusted environments.<\/em> \u00a0On a well-configured\u00a0system, there is no other software except what is needed by the web server and its app. \u00a0The server is typically in a room that is locked and physically secured.<\/p>\n<p>Mobile apps execute in an <em>untrusted environment<\/em>. \u00a0For example:<\/p>\n<ul>\n<li>Users are free to download other apps on the mobile device, and these apps may be malicious.<\/li>\n<li>Mobile devices can be stolen. 
\u00a0Once a device is in the possession of a\u00a0black hat, commonly available tools\u00a0let him disassemble the app, overcome much of the encryption, read filesystems, and generally see everything that is going on in the system.<\/li>\n<li>Jailbroken phones provide easy privilege escalation for malicious apps.<\/li>\n<li>Some apps need offline user authentication, which can open up security problems.<\/li>\n<\/ul>\n<p>To combat these challenges, researchers have developed techniques like\u00a0<em>white-box cryptography (WBC).<\/em>\u00a0 WBC seeks to protect cryptographic keys in applications through extremely sophisticated obfuscation techniques that scatter bits of the key across a multitude of cooperating routines and data structures. \u00a0The idea is to make key recovery so complicated that an attacker will be deterred.<\/p>\n<p>The mobile app binary should\u00a0protect itself from modification by running dynamic checksums on itself. \u00a0Since an attacker could look through the code and disable one or two calls to checksum routines, the checksum-checking code\u00a0should be scattered throughout the code, each instance with a different signature, to make it hard to remove them all automatically.<\/p>\n<p>Apps should detect whether the device is jailbroken, and refuse to run if it is.<\/p>\n<p>The OWASP Mobile list covers many more vulnerabilities and remediations. \u00a0If you are a mobile developer, you definitely need to read it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For years,\u00a0OWASP\u00a0has published a Top Ten list of web application vulnerabilities. \u00a0The list is a good place to start for organizations looking to improve the security of their applications. With the rise of mobile, OWASP now publishes a\u00a0Mobile Top Ten Risks. 
\u00a0Compared to the more familiar web app vulnerability list, the mobile list has &hellip;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"xn-wppe-expiration":[],"xn-wppe-expiration-action":[],"xn-wppe-expiration-prefix":[],"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0},"categories":[9,10,13],"tags":[],"acf":[],"yoast_head_json":{"title":"The Challenge of Mobile App Security | OutworX","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/","og_locale":"en_US","og_type":"article","og_title":"The Challenge of Mobile App Security | OutworX","og_description":"For years,\u00a0OWASP\u00a0has published a Top Ten 10 list of web application vulnerabilities. \u00a0The list is a good place to start for organizations looking to improve the security of their applications. With the rise of mobile, OWASP now publishes a\u00a0Mobile Top Ten Risks. \u00a0Compared to the more familiar web app vulnerability list, the mobile list has &hellip; Continue reading \"The Challenge of Mobile App Security\"","og_url":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/","og_site_name":"OutworX","article_published_time":"2015-01-21T02:30:23+00:00","twitter_misc":{"Written by":"Outworx","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.outworx.com\/blog\/#website","url":"https:\/\/www.outworx.com\/blog\/","name":"OutworX","description":"Blogs, News and Updates of IT Industry | OutworX","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.outworx.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/#webpage","url":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/","name":"The Challenge of Mobile App Security | OutworX","isPartOf":{"@id":"https:\/\/www.outworx.com\/blog\/#website"},"datePublished":"2015-01-21T02:30:23+00:00","dateModified":"2015-01-21T02:30:23+00:00","author":{"@id":"https:\/\/www.outworx.com\/blog\/#\/schema\/person\/e305dc141a7e95d5a79eb095ac1f1461"},"breadcrumb":{"@id":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.outworx.com\/blog\/challenge-mobile-app-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.outworx.com\/blog\/"},{"@type":"ListItem","position":2,"name":"The Challenge of Mobile App 
Security"}]},{"@type":"Person","@id":"https:\/\/www.outworx.com\/blog\/#\/schema\/person\/e305dc141a7e95d5a79eb095ac1f1461","name":"Outworx","image":{"@type":"ImageObject","@id":"https:\/\/www.outworx.com\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/01a175d14b9fd311bc14945e82e36b1d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/01a175d14b9fd311bc14945e82e36b1d?s=96&d=mm&r=g","caption":"Outworx"},"sameAs":["http:\/\/www.outworx.com"],"url":"https:\/\/www.outworx.com\/blog\/author\/outworx\/"}]}},"_links":{"self":[{"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/posts\/255"}],"collection":[{"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/comments?post=255"}],"version-history":[{"count":6,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/posts\/255\/revisions"}],"predecessor-version":[{"id":261,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/posts\/255\/revisions\/261"}],"wp:attachment":[{"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/media?parent=255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/categories?post=255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.outworx.com\/blog\/wp-json\/wp\/v2\/tags?post=255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}