Securing vulnerabilities in mobile apps

With BYOD becoming commonplace, a major share of the smartphones used for business purposes are owned by individuals instead of organizations. These devices could potentially become easy targets for cyber-attackers, making it difficult for your IT team to secure data residing on enterprise systems.

Prasenjit Saha Jun 29th 2016

Rethinking security of mobile applications necessitates stricter regulations in terms of disk encryption and malware protection. Let us explore a few vulnerabilities specific to mobile apps and look at some ways to protect against them.


  • Growing interest in hacking mobile devices: Hackers are always looking for ways to infiltrate organizations, and are slowly realizing that exploiting vulnerabilities in mobile device security is easier than attacking traditional targets.
  • Lower security levels: It is generally agreed that Android devices are more vulnerable than iOS devices, with Windows devices lying somewhere in between. Compared to PCs, mobile devices still have a long way to go in terms of security.
  • App vulnerabilities: App stores across mobile operating systems leave a lot to be desired in terms of app security verification. For example, Kaspersky Labs estimates that one in five users don’t adequately vet an app, or its permission requests, before installing. Additionally, bugs in the underlying code become targets for mobile malware.


  • Device security: Ensure that employees protect their phones with more than just swipe access. Let them know that codes, passwords, and even fingerprint scanning are better ways to protect their devices and company data. Enterprises should also assess the security of employee devices by checking for rooting or jailbreaking, rogue applications, and compromised environments.
  • Secure code: Empower your developers with tools capable of identifying vulnerabilities in the underlying code of enterprise apps. Protect enterprise apps against reverse engineering and tampering.
  • Data security: Ensure security of enterprise data by encrypting mobile data, and equip your security team with remote wipe capabilities to address security issues related to lost devices.
  • Secure transactions: Restrict employees’ mobile access to enterprise services and the capability to execute mobile transactions on behalf of the enterprise based on risk factors such as device security, employee location, network, and so on.

Mobile devices are the new frontier for cyber wars, with hackers trying to break in, and security teams trying to keep them out. Ensuring security in the BYOD era requires organizations to assess the impact of mobility on their business risk profile. Employing cyber security services can help organizations tackle the entire range of security needs in a single go, including tackling employee device safety and security, along with access control and network security. Complementing cyber security services and solutions with employee education, and laying down policies specific to mobile devices, will help organizations to protect against mobile app vulnerabilities.

The author is CEO, Infrastructure Management Services and Security Business at Happiest Minds

Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s).