How are app & mobile security startups challenged in the post-COVID-19 world?
Due to the COVID-19 pandemic, much of the world still spends its days in abnormal living and working conditions. At the height of the COVID-19 outbreak, nearly 2 billion people were forced into quarantine. In addition, over 91% of the Earth’s population (close to 7.1 billion people) was left trapped in countries that had closed their borders.
Every situation breeds winners and losers, and the COVID-19 pandemic was no exception. All affected companies saved what they could and began the journey of switching to telecommuting. Because of this, the internet and its digital ecosystems have become the only link between business operations, logistics, and finances. This has caused a surge in unemployment but, on the other hand, a need for new innovation.
The Need for Innovation
A study conducted by Woodside Capital Partners, “99 Startups Poised for Growth: Prospering Amidst Pandemic”, goes into detail on how major players in the Health Tech, Education Tech, Lifestyle, Drone and Delivery sectors have turned the crisis around. The driving force behind them? Remote workers. These sectors, in particular, have taken advantage of the pandemic by innovating.
The sectors mentioned above also face major challenges. From a cybersecurity point of view, the number of data attacks, malware incidents and data thefts has increased. This shows that the digital world must innovate to be prepared for a “cyber pandemic” alongside COVID-19. To better understand the parallels drawn between our analogue world and the digital one, consider reading this brilliant article by the World Economic Forum.
Mobile Application Security
Cybercriminals have developed a separate strategy in which they build upon fears caused by the COVID-19 pandemic. E-mail scams, phishing tactics, misleading applications, and fake COVID-19 (so-called contact-tracing) applications have unfortunately become commonplace during this time. One of the latest cybercrime trends is the use of keywords such as “covid” and “virus” to lead users to third-party Android stores.
App store optimization (ASO) allows a particular application to be found easily. This means that adware and other malicious apps simply need to be made available for download. The goal of this tactic is to obtain an unsuspecting user’s data, or even to use the phone as a live tracker.
Unfortunately, this is only one of the many tactics that cybersecurity companies have to face. To prevent this from happening, the Apple and Google app stores should run all of their applications through a security filter. At the very least, they should be the first bastion in this battle. News appears on a weekly basis that TikTok is also questionable from a national security perspective.
Since COVID-19 is already on everyone’s minds, it is worth mentioning the unsafe nature of contact-tracing applications (highly recommended by local governments). In the case of Qatar, sensitive data from over 1 million residents was recently released. Unfortunately, this is not unique, as privacy and security concerns are real for these applications in India and in the UK as well.
Such vulnerabilities could be avoided if cybersecurity – testing and hardening – was included directly in the app development process. The essence of development security operations (DevSecOps) is the “security as code” principle, which more and more software development companies are trying to integrate into their processes.
The only question left is: “If an app doesn’t exist in official app stores and the developers are not identifiable, how do we know if we should trust it?” It is at this point that mobile application security developments enter the picture.
Mobile application security analysis tools are designed to automatically scan applications in order to detect vulnerability to hacking, data leaks, malicious code and other weaknesses. Both internally developed and external applications (used in BYOD) can be analysed, allowing organizations to protect their employees and IT assets from external threats.
Mobile security startups
Two types of analysis are needed. The first is code auditing, since the developers wrote at least a large part of the source code. This is a crucial step, and there are multiple companies offering services in this field (mobile security startups such as Checkmarx, Puffin, Veracode, etc.).
The second type is black-box testing, also known as behavioural testing, where the binary (IPA or APK) is put into an engine that automatically performs reverse engineering (because the item being tested is not known to the tester), de-obfuscation, and static and dynamic testing. These tests can be functional or non-functional, though usually functional. Black-box testing tools are available with CI/CD connections to enable seamless integration into development processes.
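The static half of the black-box approach described above, as an added example (not App-Ray's engine and not code from the original post): it takes a package without any source code, extracts endpoint strings from every archive entry, and returns an exit status a CI/CD step can act on. The archive contents, the hostnames and the `ci_gate` name are constructed for illustration.

```python
import io
import re
import zipfile

# ASCII URL strings survive in DEX string tables and asset files,
# so a byte-level scan of each decompressed entry finds them.
URL_RE = re.compile(rb"https?://([A-Za-z0-9.\-]+)(?::\d+)?(?:/[A-Za-z0-9._~/%\-]*)?")
# XML namespace URIs, not network endpoints.
IGNORED_HOSTS = {b"schemas.android.com"}


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP archive with made-up entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex",
                   b"dex\n035\x00http://tracker.example.test/collect\x00"
                   b"https://api.example.test/v1\x00")
        z.writestr("assets/config.json",
                   b'{"endpoint": "http://10.0.2.2:8080/upload"}')
        z.writestr("res/layout/main.xml",
                   b'<View xmlns:android="http://schemas.android.com/apk/res/android"/>')
    return buf.getvalue()


def scan_package(data: bytes) -> dict:
    """Map each URL found in any archive entry to the entries containing it."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            for m in URL_RE.finditer(z.read(info)):
                if m.group(1) in IGNORED_HOSTS:
                    continue
                url = m.group(0).decode("ascii")
                findings.setdefault(url, set()).add(info.filename)
    return findings


def ci_gate(data: bytes) -> int:
    """Exit status for a pipeline step: 1 if any cleartext endpoint is present."""
    cleartext = sorted(u for u in scan_package(data) if u.startswith("http://"))
    for url in cleartext:
        print(f"cleartext endpoint: {url}")
    return 1 if cleartext else 0


if __name__ == "__main__":
    raise SystemExit(ci_gate(build_sample_apk()))
```

String extraction only shows where an app could send data; confirming what is actually transmitted requires the dynamic testing the paragraph mentions.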
App-Ray serves in this area. The service does not require the mobile application's source code. You just need to select your application, Android or iOS, and submit it, and your job is done. If needed, API submission and batch processing are also available. You will see what data was transmitted, when and how. And most of all, to where.
App-Ray strongly believes that mobile application security testing is a multi-step process and can be done right by using multiple tools, seamless integrations and common sense. Fully automated – Fast – Efficient
Guest post by Gabriel Varaljay, parallel entrepreneur, digital marketing and social media and growth hacker.