The mobile app industry has transformed not just tech development cycles but modern society as a whole. Every company is expected to have an app and smartphone users trust those apps to be up to business security standards. Of course with the fairly recent increase in demand for apps everywhere, app platforms and developers are both suddenly in high demand. They have started teaming up with graphic artists and SEO writers to form digital marketing agencies in order to serve more than one company at once and many upstarts and old pros alike are freelancing in order to get apps into the service suite of every company that needs one. Of course, this fast-paced, one might say rushed, attitude toward app development has left some very dangerous loopholes that have been overlooked by almost everyone in the development and production chain.
The Unsecured APIs
While the first few generations of mobile apps were handmade by professional corporate teams and carefully secured, the constant iteration of app creation has naturally produced a series of platforms and APIs that can be used to quickly assemble a perfectly functional and reasonably customized app from desired parts. Each of these parts has naturally been stripped down for easy integration and minimum resource use. This is especially true of modern open source non-relational databases which are frequently used for lightweight app data management.
Fast Development Cycle
Recent business practices have moved away from the slow and careful production of practically artisan goods to quick development and production cycles that are constantly being closed, passed on, and re-opened for another wave of improvements. While this is great for improvements and innovation, it also means that every step is done with less overall care and consideration. Good security practices are woven into every level of a project, but with development that focuses only on finishing a single set of features and moving on, devs simply are not taking the time to program in extra security measures.
Finding the Open Doors
The security problem lies in the fact that databases for these mobile apps were connected without a second thought for security on anyone's part, leaving connections to company files wide open for any interested hacker to access, and the damage has already begun. Back in January of 2017, hackers showed off a new innovation in ransomware, targeting over half of the accessible implementations of MongoDB, an incredibly popular no-SQL database structure, downloading data, then replacing it with a demand for ransom. A research effort by Appthority confirmed that there is a wide range of open database implementations among mobile app backends that leave company data unsecured.
Passing the Buck
Who is responsible? Is it the open source databases that include no security measures in their APIs? What about the hurried app makers who deliver a fully functioning but unsecured product? While this leaves the final responsibility on the company that requested the app be produced, how are they to know that the professional programmers they hired did not 'finish the job' with a full security setup?
The problem is a result of the current app development culture and environment. Changing this alarming and incredibly insecure trend in software development will take significant changes to the mobile industry as a whole. In the meantime, companies should be scrambling to close this back-end exposure, cleverly referred to as 'hospital gown', by implementing their own security procedures or re-engaging app developers to fix the software on the inside. Both solutions are probably necessary before all is said and done. For more up-to-date information on business technology and cybersecurity, contact us today.