Thursday 7 December 2017

Developing a safer phone app: what should we pay attention to?

With the growing popularity of Android and iOS, app developers submit an average of about 1,000 apps daily to the App Store. Experts calculate that there will be more than 2.15 billion smartphone users worldwide by 2017, a figure that alone explains why mobile app development attracts so much interest. Starting from application security, let's take a look at the top ten mobile app trends. In 2016, the use of mobile applications accounted for 86% of mobile clients, an increase of 6%.

Due to changes in user behavior, the Android Alliance is facing the following major mobile security challenges:

Enterprise mobile devices and BYOD management; management and control of application installation in the workplace; protection of sensitive data and key information from online fraud and disclosure; equipment ownership: roles within users and other organizations.

Focusing on the security vulnerabilities and risks of mobile devices and applications, we can list the following key threats:

Malware, often modular and tailored to specific business needs. Examples: password cracking, crypto-currency banking modules, plug-in modules, geo-location based launchers.

Next-generation viruses and worms aimed at Internet of Things (IoT) enabled devices. Examples: Darlloz, which can attack a range of small devices such as home routers, set-top boxes and webcams, as well as traditional PCs and mobile devices; and Chameleon, a virus that spreads over Wi-Fi networks in densely populated areas.

Mobile device leaks (through jailbreak etc.); web-based attacks; network and system abuse, i.e. malicious encryption and data modification; abuse of the availability of resources and services, i.e. spam botnets, SMS and telephone; data loss and integrity; insecure networks; back doors into the enterprise network; social engineering attacks, that is, phishing.

Process hijacking. This is almost the most targeted attack: usually, through process injection or a debugging process, the attacker hooks the process, changes the program's execution logic and order, and accesses the program's memory, so that all of the user's behavior is monitored. It is the most commonly used way to steal account passwords.

So what are the key barriers to effective mobile security?

Thanks to its open-source nature, Android has won the support of the majority of manufacturers and developers. According to a foreign research report, the share of China in the first three months of July this year dropped to 14.3%. At the same time, Android market share increased to 85%, setting a record high. The growth in market share makes the Android application market more prosperous, but behind this prosperity lies a growing problem: a large number of Android apps are pirated. Android app piracy is serious domestically, in a domestic ecosystem with various Android market distribution channels, while abroad there is only one, Google Play.

The barriers are: a lack of clear market definition and understanding in the global business community and a lack of understanding of modern security vulnerabilities, with the consequence that business leaders lack a motive to buy; a priority on traditional rather than mobile device and network security; a device-centric, user-centric approach; a lack of security standards in an innovative emerging market; and the security of mobile devices and applications.

Common protections are: traditional access control, that is, device passwords and idle-time screen locks; application provenance, where users decide whether they want to use an application based on the publisher's identity; encryption, that is, protecting data in such a way that only authorized parties can access it; the ability to access sensitive data and systems within the limits of authority; and permission-based access control, which grants permissions and then limits the application's ability to access devices and systems to within its authority. Many developers lack security awareness and develop Android apps without taking any protective measures, so the apps can easily be counterfeited and pirated.

Some syntax and design specific to Android also carries a risk of being attacked. Our code usually goes through a security scan before official release, and the most important things to scan for are the following.

Log output: this is relatively simple. Do not allow sensitive data to be printed, and turn the log switch off before publishing.

Implicit Intents: to start another application's Activity we often use an implicit Intent. If it contains sensitive information, any third-party app that registers the same Intent Filter may be able to intercept that information, so when sending an implicit Intent you must specify the recipient and permissions.
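The two scan points above can be checked mechanically before release. The following is an added example, not code from the original post: a heuristic line scanner in Python run over a constructed Java sample, where the package, action and permission names are hypothetical.

```python
import re
SENSITIVE = re.compile(r"password|passwd|token|secret|session", re.I)
LOG_CALL = re.compile(r"\bLog\.[vdiwe]\s*\((.*)\)")
NEW_IMPLICIT = re.compile(r'(\w+)\s*=\s*new\s+Intent\s*\(\s*"')  # action string only
SET_TARGET = re.compile(r"(\w+)\.set(?:Package|Component|ClassName|Class)\s*\(")
PUT_EXTRA = re.compile(r"(\w+)\.putExtra\s*\(")
SEND = re.compile(r"\b(sendBroadcast|startActivity|startService)\s*\(\s*(\w+)\s*(,)?")

# Constructed sample source (hypothetical app; not from the original post).
SAMPLE_JAVA = '''\
void weak(String token) {
    Log.d("Pay", "token=" + token);
    Intent i = new Intent("com.example.action.PAY");
    i.putExtra("token", token);
    sendBroadcast(i);
}
void hardened(String token) {
    if (BuildConfig.DEBUG) Log.d("Pay", "payment started");
    Intent j = new Intent("com.example.action.PAY");
    j.setPackage("com.example.wallet");
    j.putExtra("token", token);
    sendBroadcast(j, "com.example.permission.PAY");
}
'''

def scan(source):
    """Heuristic line scan; returns a list of (line_no, rule) findings."""
    findings, intents = [], {}
    for no, line in enumerate(source.splitlines(), 1):
        m = LOG_CALL.search(line)
        if m and SENSITIVE.search(m.group(1)):
            findings.append((no, "sensitive-log"))
        m = NEW_IMPLICIT.search(line)
        if m:  # implicit Intent created: no recipient or extras seen yet
            intents[m.group(1)] = {"target": False, "extras": False}
        for rx, key in ((SET_TARGET, "target"), (PUT_EXTRA, "extras")):
            m = rx.search(line)
            if m and m.group(1) in intents:
                intents[m.group(1)][key] = True
        m = SEND.search(line)
        if m and m.group(2) in intents:
            state = intents[m.group(2)]
            if state["extras"] and not state["target"]:
                findings.append((no, "implicit-intent-with-extras"))
            if m.group(1) == "sendBroadcast" and not m.group(3):
                findings.append((no, "broadcast-without-permission"))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_JAVA), sep="\n")
```

Only the `weak` method is flagged; the `hardened` method names its recipient with `setPackage`, passes a receiver permission to `sendBroadcast`, and keeps the token out of the log.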

We do not want hackers to remove application locks that prevent non-paying users from using certain features. When developing sensitive applications, the risk is that hackers can modify the application so that it returns all the information entered into it to them. While this is not the case for app stores, users can get fake apps in many other places, and these steal all of their data in a completely transparent way. Every Android developer working on sensitive applications should be aware that it is fairly easy for an experienced person to decompile an Android application.

The application is safe only when the system architecture is safe. One can develop technically safer applications, but all efforts are meaningless if the server does not have a well-validated authentication system. At the same time, ensuring perfect security borders is the responsibility of the mobile app developer.
