Last year was, for many organisations, the year of the app. Executives across all sectors rolled out apps to provide a new channel for customer interaction.
For many businesses, the aim has been to enhance relationships and engage clients. More and more customers have smart phones, powerful internet-enabled devices that allow users to work and play online from the palm of the hand. However as we move into a world of more devices and even more apps my concern is that are users and business acting responsibly when it comes to security?
There is quite a bit of “User Naivety”. How many mobile users set a strong password lock on their mobile phone, if they set one at all? This knowing that some apps and sites “stay logged in”, giving any user with access to the phone access to the app ! Not so bad for angry birds maybe, but what about mobile banking !
Then, when downloading apps it is surprising how freely access is given to phone functions to a vendor of an app that the user has never heard of or checked their reliability. For example many users do not realise that an app can access any phone function or data on the handset. It is very feasible to write an app that goes through your phonebook and sends email addresses to spammers, or one that automatically sends expensive premium rate texts in the middle of the night!
This kind of user naivety is similar to users on desktop PC accessing a supposedly secure site without checking SSL Certificates.
What about simple things like other people looking over your shoulder? What about if you lose your phone? What about when your ever-smarter phone becomes your electronic wallet? The security implications are huge !
Scare mongary? Well (see further reading) many USA banks have already see breaches in their mobile apps !
Some of the same fears can be repeated in the corporate arena. Do you really want people logging into native apps while they’re on the move? What if devices go missing? Could corporate firewalls be compromised?
Whilst some app stores provide some basic checks none of this can necessarily be relied upon, and it is only time before we hear of more regularly of mobile security breaches and virus’s.
Whilst solving the cross platform mobile apps issue, the impending move towards HTML5 based apps could see even further challenges as the web itself becomes an endless appstore of it’s own.
The app has been the web-based sensation of the last 12 months. But we have a long way to go before native apps and in the future mobile web apps can be considered a secure means to access confidential information. And for the enterprise environment, that day could be a long way off.