Securing Your Private Parts


cvedetails.pngIf you are working on a secure app, for example a banking or payment app, you should be thinking about how to secure your ‘private parts’. This might be, for example, login information or secure tokens. Relying on sandboxed areas being inaccessible to other apps isn’t good enough because rooted devices and some vulnerabilities can access these areas.

While on the topic of vulnerabilities, a lot of noise has been made of how insecure Android is because older devices are not getting patched in the same degree as iOS. There’s a useful list of Android and iOS vulnerabilities at CVE Details. It shows that iOS has several orders of magnitude more vulnerabilities, especially more recently.

androidiosvulnerabilities.png 

Whether on iOS or Android, the best thing you can do for secure apps is to not cache login information/tokens and instead force the user to log in every time. Anything else is more easily hackable to varying degrees. Although less of a risk, logging in every time is still vulnerable at various points so make sure you use 2 factor authentication.

Related Articles:

Comments are closed.