Mobile is fast becoming the preferred method for individuals to access critical online services. This increasingly means that sensitive personal information is being stored on mobile phones. Criminals are aware of the value of this data – which affects a wide range of industries and sectors. These criminals are intelligent and highly resourced so can exploit weaknesses in the mobile platforms, operating systems and applications.
Research suggests that half of mobile users will not take any steps to protect their devices, even when aware of the risks; and so-called operating system defences are easily broken down. Mobile application developers need to be aware of this; and have to assume that the devices their applications are running on have been - or will be - compromised. This means that developers need to take responsibility of making their applications protect themselves.
Inside Secure’s Core and WhiteBox have been deployed in more than 400 million mobile applications to secure financial, entertainment and gaming services. These applications have successfully gone through extensive penetration and attack testing by external security labs. This whitepaper draws on that experience to discuss architecture and techniques that mobile developers must apply to ensure that their applications are secure against any potential leak of sensitive data.