“Application risk is increasing because we’re doing more and more applications on our devices,” said Chris Wysopal (@weldpond), CTO and Cofounder of Veracode.
Each time you add an application to your device there’s a chance you’re adding risk to your device. Each app can add risk in terms of malicious functionality or a poorly coded application that leaks information. It could be the way it transfers information in the clear or it could be sending your private information up to an ad network, explained Wysopal.
All of this is happening because developers are running ahead building applications without thinking about security implications. It’s understandable as there’s a land grab to be in market as soon as possible, said Wysopal. Building in security would just slow down development and the application’s release.
Poorly secure applications may not be done maliciously. Anytime there’s a new platform, there’s a belief that the platform is secure but that doesn’t cut it, said Wysopal referencing the history of the Java platform and the insecure applications that were built upon that. Don’t be fooled into believing the operating system is going to protect the user.
While there are currently no rules of the road on how to create a secure app, it’s starting to evolve and Wysopal hopes we can get to a better state than we’re in now.
Stock photo of mobile applications courtesy of Shutterstock.