Chapter 1. The Mobile Application Security Landscape

Life is now in the palm of your hands. Risk is real, threats are growing!

With more than 1 billion users worldwide and 2.5 million applications (and still counting) available across Google and Apple digital marketplaces, smartphones have become commonplace. The difference they make to our lives is stark and simple, and is impacting our day to day life in multiple ways—in particular, the way we interact, work, and socialize. The increase in demand from consumer market and processing power and the capabilities of smartphones, such as storage, GPS, camera, displays, and so on, have changed the paradigm of the development of mobile applications. The ability to do online banking, trading, e-mails, airport check-ins, and much more is just a tap away.

Mobile application development is the hottest type of software development right now. New surface area equals dangerous surface area, which means that the uppermost layer of smartphones is mobile apps, which are the potential targets of adversaries.

This chapter will cover the current state of mobile application security. We will discuss some of the public vulnerabilities that are disclosed in various mobile applications in order to provide a context and reasons why security needs to be at the forefront of every mobile application developer's mind. We will also cover the following topics:

• Android and iOS vulnerabilities
• Key challenges in mobile application security
• The impact of mobile application security
• The need for mobile application penetration testing
• The mobile application penetration testing methodology
• The OWASP (short for Open Web Application Security Project) mobile top 10 risks

There is no doubt that mobile applications have emerged as one of the most significant innovations of all time. Statista (for more information, visit http://www.statista.com/), a statistical portal company, reports that there are around 1.6 million applications in Google Play Store, 1.5 million applications in the Apple app store, 400,000 applications in the Amazon app store, 340,000 applications in Windows Phone Store, and 130,000 applications in Blackberry World. These statistics alone reflect the exponential growth in mobile applications over the years.

Numerous applications are introduced in stores every single week. At the same time, thousands of cyber criminals, also known as hackers, keep a tab on these applications by constantly looking for new applications that are published to the stores and try to compromise the user information or embed any malicious programs by various techniques. None of the development frameworks currently used are proven as immune to security issues.