Mobile app developers: Make sure your back end is covered
Application security isn’t just a developer’s problem. IT staff and the security team also have roles to play in setting up the infrastructure and implementing security controls. When IT administrators forget the security basics for the app’s back-end servers, they undermine the developer’s good security decisions.
Researchers at mobile security company Appthority recently analyzed apps installed on enterprise devices (including both mobile devices issued and managed by enterprise IT as well as personal devices in a BYOD scenario) and found more than 1,000 apps where data was being exposed because the apps’ backend servers lacked security controls. The servers, which hosted databases for storing user data and analytic tools to mine and analyze collected data, didn’t have firewalls, did not require authentication, and was publicly accessible from the internet.