1(630)802-8605 Ravi.das@bn-inc.net

For as long as I have been in technology (which is now some 15+ years), I have actually never gotten too fancy with the actual devices that I have owned. For instance, it took me a long time to embrace the idea of using a cell phone, and to upgrade from Windows 98 back in the last decade. Even to this day, I have never upgraded my iPhone. I think I still have the version 5 model, and hey, as long as it gets email and texts, that is all I truly care about.

The same is true even of mobile apps. In fact, I think I have just three of them. My wife, Anita, has many more than I do. I just never got into the craze of using mobile apps for everything. So, speaking of which, this is what we touch on today. In the last couple of years, I have written and even edited numerous articles on the mobile app creation process.

I never actually realized how much work software developers have to do in order to create them and make sure that they work properly. It’s not just a matter of creating a pretty-looking icon on the screen of your iPhone or Samsung; there is a lot of QA testing that has to be done before an app can be launched out into the public forum.

Not only that, but these freshly created mobile apps have to be tested from a security standpoint as well. Now, there are no set standards for this; each software development team can do what they want to do in this regard. For that matter, they don’t even have to security test if they do not want to do so. But then, of course, they will be held liable for any losses that may occur if the mobile apps are hacked into by a Cyber attacker.

One popular method of testing for security holes is Penetration Testing. With this, you hire or outsource a team to launch real-world Cyber attacks (of course, in a controlled environment) against your newly developed mobile apps to find where the holes and the weaknesses are. At the end, you normally get a report summarizing all of this information, and what can be done to fill these gaps and holes.

On the same note, I was surprised when I first heard that Apple had their own set of stringent requirements before any new mobile apps could be uploaded to the App Store. For instance, there is a specialized team there that examines the source code behind each and every one of them, and in a manner similar to that of Penetration Testing, they run their own rigorous security checks before the apps can be authorized to be placed on the App Store for download by customers.

If you fail to meet any of their harsh security requirements, well, your mobile app will not be uploaded. You will have to go back and fix what is wrong, and keep resubmitting until it is finally approved. In this regard, the other popular mobile app store is Google Play. Here is where you will find many of the Android-based mobile apps. But interestingly enough, the security requirements that have been set forth by Google are not nearly as stringent as those of Apple.

This is probably why they were recently breached. Supposedly, a Cyber attacker or a group of them bypassed the weaker security vetting process established by Google and thus were able to place malware onto the Google Store. The malicious apps appeared as legitimate mobile app downloads.

For example, “ . . . all were legitimate in the sense that they functioned properly, six were QR code readers and another a compass, thus making it hard for the average person to determine they were dangerous. Secondly, the malware did not activate for several hours after being downloaded . . .”  (SOURCE:  https://www.scmagazine.com/malicious-android-adware-apps-downloaded-500000/article/754127/). Apparently, some 500,000+ customers of the Google Store were severely impacted by this. Of course, once this malware was finally discovered, the related mobile apps were immediately removed.

The end result was that many unwanted pop-up ads kept appearing on customers’ Android devices, even after the mobile app was closed. This just goes to show that nothing is secure anymore, even when it comes to your Smartphone. When we talk about Cyberattacks, the first thought is that of computers, notebooks, and servers being affected. But yes, even your Smartphone can be a victim as well.

The moral of the story: Be especially careful of what you download in the way of mobile apps, especially from Google Play. Remember, always trust your gut: if it feels that something is not right, it probably is not.