Mobile Apps: How to Use Them Safely
The continued growth of mobile apps requires a spotlight on security. The risks include access to information, such as physical location or contacts lists, as well as the ability for apps to download malware, such as keyloggers or programs that eavesdrop on telephone calls and text messages.
Hackers are quickly learning how to harvest legitimate applications and repackage them with malicious code before selling/offering them on various channels. The Institute of Electrical and Electronics Engineers (IEEE), a global technical professional association, predicts that 2012 will see an upsurge in cellphone hacking through the use of mobile applications on smartphones.
What steps can users take to minimize risk when it comes to using mobile device apps? Here are a few tips:
- Make sure you actually need an app. Every time you download an app, you open yourself to potential vulnerabilities. Only download those apps you deem necessary with the understanding of the risks involved.
- Be careful about which app store you use. If you do decide to download an app, be aware of which app store you use. App stores have different standards for which apps they will offer to the public. Some app stores require apps to be put through rigorous testing first, while other stores accept all apps.
- Password-protect your mobile device. Your mobile device should be protected with a strong password. Make sure that passwords are not stored on your device. Do not allow apps to remember your password for your device, and set your device to auto-lock after a few minutes.
- Learn how to remotely wipe your mobile device. If your device has a remote wipe feature, you should enable it. If the device is lost or stolen, this will allow you to remotely remove all of your personal data and restore it to its factory settings.
- Do not use public Wi-Fi when performing financial transactions. Most mobile devices can use both wireless Internet and a mobile provider’s 3G or 4G network. Use only 3G or 4G networks for any secure transactions, such as banking.
- Be alert to changes in your mobile device's performance. If you download an app and your device starts performing differently (for example: responding slowly to commands or draining its battery faster), this could be a sign that malicious code is present on the device.
- Update apps. Update all apps when notified.
- Disable Bluetooth settings on your mobile device whenever it is not in use. If left on, someone could potentially pair to your device and obtain information or take over your device.
- Follow your organization's policies. If your mobile device is provided as part of your job, be sure to follow the rules and procedures established by your organization.
Resources for More Information
- Multi-State Information Sharing and Analysis Center: http://msisac.cisecurity.org/newsletters/
- Tips for safe use of geo-location apps: http://lastwatchdog.com/isaca-backs-regulation-location-based-apps
- National Cyber Security Alliance: www.staysafeonline.org