Developing Secure Mobile Apps

Mobile apps are susceptible to malware, ransomware, spyware, coding flaws, and other attacks that can compromise personal data stored on the devices. Mobile apps and related services are evolving at a rapid pace, with new apps, app updates, operating system updates, and service provider updates introduced frequently. The average user has few options for ensuring app security.

Researchers at the Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T) (https://www.dhs.gov/science-and-technology) are working on mobile app security throughout the app’s lifecycle.

The DHS “Mobile App Security Project” (https://www.dhs.gov/science-and-technology/cd-mobile-app-security) focuses its primary research and development efforts on continuous mobile app monitoring, vetting, and security assurance.

The private sector is also advancing in developing security for mobile apps. Recently, Qualcomm Cyber Security exhibited in San Francisco at the RSA18 Conference (https://www.rsaconference.com), held April 16-20, 2018.

The company is developing a solution that uses a mobile device hardware-anchored “Mission Critical Grade Security Layer” (MCGSL) to protect against zero-day attacks. The goal is to leverage their mobile security platform together with the mobile app security testing platform of their research partner Kryptowire (https://www.kyptowire.com).

This approach will provide an Application Programming Interface (API) to the mobile app vetting platform to check the integrity of a device and its apps. This technology will provide an app with behavioral profile information and user authentication information, which will cover a wide range of threats, reduce false positives for security incidents, and defend against zero-day threats.

Red Hat Inc. (http://www.redhat.com/en), another exhibitor at the RSA18 Conference, is also working with Kryptowire to secure the mobile app development lifecycle, where insecure code could be introduced either intentionally or unintentionally by a rogue worker.