How secure is that app you just downloaded ?
“大约79%的测试应用程序存在网络安全配置错误,78%的应用程序缺乏足够的代码混淆,这为黑客对代码进行逆向工程打开了大门。. 另外42%的人在通过未受保护的通道将数据从应用程序共享到服务器时错过了足够的传输层保护. “
我们都认为从app store下载的应用程序是安全的. 事实上,我们大多数人下载应用程序时都没有考虑过安全问题.
However, according to a recent article on the respected Business of Apps site, Google Play上75%的印度开发应用存在严重的安全风险, without even basic security checks being in place.
在Google Play上的2976112款应用中,超过157313款来自印度发行商.
更多来自调查的细节(由移动应用安全专家进行) Appknox) can be found here.
如果这听起来有点令人担忧,请记住有多少应用程序包含某种支付层. With your details on them.
MOBILE APP SECURITY
编写任何进入公共领域的软件不仅仅是“编写软件”的问题。, 它确保软件是完全安全的,不包含任何数据泄露, 后门或任何可能被恶意第三方利用的潜在安全问题.
Mobile apps have become much more complicated over recent years. With more functionality expected by users, 应用程序依赖于复杂的第三方库和更复杂的架构. The more complicated an app, the more complicated app security becomes, with an inevitable, 在任何生产周期结束时都需要进行昂贵的测试.
确保所有这些组件以一种安全的方式集成需要时间和金钱——在一个几乎是“生产线”基础上以尽可能低的成本构建应用程序的环境中.
如果你的开发人员是在一个死记硬背的环境中工作, without having to think, 他们只是为了钱而工作——这有时取决于他们当天写了多少行代码——你不会得到一个高质量的应用程序,因为安全性和安全性永远不会成为主要考虑因素. 不幸的是,这是许多外包开发国家的标准,他们与西方同行在现金条件下竞争——“一分钱一分货”。.
COMMERCIAL IP
Not only does mobile app security affect normal users, it’s also vitally important to protect intellectual property as well. If you’re a commercial enterprise, 向恶意用户提供获取公司和客户数据的后门绝对是您希望避免的事情.
SO HOW DO I KNOW IF MY APP IS SAFE?
If you’re commissioning a mobile app, or have an existing one in the Play stores, 你可以采取一些简单的步骤来确保你的手机应用对你的用户来说是安全的.
If the price seems to be too good to be true, it probably is. 我们都想要尽可能便宜的应用,但“便宜”几乎总是意味着偷工减料. Shop around, use a review site like Clutch.co 要找到一些开发商在一个地区-比较以前的客户评论和价格.
Go on the developer’s site and see where their offices actually are. 许多开发公司使用“虚拟地址”来获取谷歌地图上的位置标识. It might look like they’re local, but might not be the case. 顺便说一下,这在软件开发中是一种地方病——烟雾和镜子.
Whilst on Clutch, 要小心那些有大量评论的供应商,因为它们似乎都遵循相同的格式. Has a client written them, or has the developer written them themselves? Check references.
确保开发者会发布一份工作声明,其中详细说明了正在编写的安全措施以及应用的测试方案. Check the testing is done and with satisfactory results. Ideally, pay a third party to perform the testing.
Ask for the source code. You own it, after all - it’s your intellectual property. If you have any worries about your app, have a third party check it.
如果你是一个担心应用安全的用户,那就没那么简单了. Check reviews on the Play stores, find out who wrote the app. Check, check, triple check.
WHAT CAN FORESIGHT DO FOR YOU ?
In a race to the lowest possible price, quality is always compromised.
如果您希望对您的海外设计应用程序进行安全检查,请发送邮件给我们 hello@foresightmobile.com -我们的专业开发人员和设计人员可以确保您的应用程序已正确构建,没有数据泄露, back doors or server transport issues.
