How To Keep Your App Secure

It’s something that businesses, app developers and users dread: a breach of one or several of their digital platforms. Having invested in an app or website, the last thing you want to do is leave it vulnerable to data leaks. There have been many high-profile cases in the past, and as a consequence some very unwelcome press attention. Given the sharp rise in app production, along with the growing number of users engaging with these services, there has never been more pressure on companies to protect their digital infrastructure.

The latest high-profile hacking case, the online cheating site Ashley Madison, has shown that even the biggest companies with large user bases, in this case a staggering 37 million, aren’t as safe as they think. Although it hasn’t been confirmed, Carphone Warehouse also reportedly suffered a breach in which 2.4 million customers’ names, addresses and bank details were retrieved. Incidents like these can lead to a PR headache, a vast amount of negative press and, as a consequence, a drop in app usage.

The unfortunate reality is that there are many ways your software can be hacked, and as the app owner you are responsible for the security of your users’ data. That said, there are simple precautionary measures you can take to reduce the chances of this happening.

Data Encryption

Before we continue, it’s worth establishing what data encryption is and why it matters when developing your app. This basic understanding should give you enough context to appreciate the significance of effective encryption. Plus, it’s an interesting piece of history to take away!

Encryption is the process of encoding messages or information so that only authorized parties can read them. Today, given the popularity of internet communication, it usually means converting electronic data into a form that is unreadable to anyone who does not hold the key, and that can be turned back into the original data only by someone who does.

However, data encryption dates back much further than we might think. One of the earliest known forms was the Caesar cipher, named after the Roman statesman who used it in his private correspondence. It worked by shifting each letter in a message by a fixed number of positions along the alphabet, so that an intercepted message would not read as it seemed. For example, with a shift of 5 the letter A would actually become F. The shift is the key, and because there are only 25 possible shifts an interceptor can simply try them all; modern encryption depends on keys drawn from a space far too large to search.
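The shift described above, implemented as an added example (not code from the original article) together with the brute-force attack that makes it useless against a modern adversary: the plaintext "ATTACK AT DAWN" and the crib word used to spot the right key are constructed for the demonstration.

```python
import string
from typing import Dict, Optional

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions along the alphabet (wrapping round).
    Non-letters such as spaces pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is just the same shift in the opposite direction."""
    return caesar_shift(ciphertext, -shift)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Every possible decryption: the key space is only 25 shifts, so try them all."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


def recover_key(ciphertext: str, crib: str) -> Optional[int]:
    """Pick out the key whose decryption contains a word the attacker expects (a 'crib')."""
    for k, candidate in brute_force(ciphertext).items():
        if crib.upper() in candidate:
            return k
    return None


if __name__ == "__main__":
    # Constructed message for the demonstration
    secret = caesar_shift("ATTACK AT DAWN", 5)
    print("ciphertext:", secret)
    print("recovered key:", recover_key(secret, "ATTACK"))
```

With a shift of 5 the message becomes "FYYFHP FY IFBS", and the attacker recovers the key 5 in at most 25 attempts without knowing anything about the sender.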

Did you know? – Anything you see on your page can be encrypted, images as well as text, because encryption operates on bytes rather than on meaning. An image is still just a sequence of ones and zeros while it moves across the web, and it only becomes viewable again once it is decrypted on the other side.

A good example of where you can utilize encryption in your app is HTTPS, which we’ll explore below.

HTTPS

HTTP is the de facto transport for the web, including the data that powers applications. HTTPS is HTTP carried over TLS: whatever you are sending, whether login or bank details, is encrypted as it moves back and forth, so anyone watching the network sees only ciphertext, and the certificate check lets your app confirm it is talking to the real server rather than an impostor.

In order to make your app as safe as possible you should use HTTPS as your default protocol for all communication. Without it, anyone on the network path (an attacker on the same Wi-Fi, an ISP, a surveillance program) can read, and also modify, exactly what your app sends and receives.

Whether you opt for HTTP or HTTPS does, in practice, depend on how comfortable you are with your data being readable in transit. For instance, the material in an enterprise app showcasing event space is nowhere near as delicate as that of the controversial online cheating service Ashley Madison. Bear in mind, though, that HTTPS also protects content that isn’t secret: without it an attacker on the path can alter the pages and data your app receives, which is why HTTPS everywhere is now the accepted default.
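Three checks an app’s networking layer can make so that HTTPS really is the default rather than a hope, as an added example (not the article’s own code) using only the Python standard library: refuse to build requests to anything but an https:// URL, build a TLS context that verifies the server certificate and hostname and rejects old protocol versions, and read the Strict-Transport-Security header the server sends back. The response headers below are constructed for the example, not captured from a real server.

```python
import ssl
from typing import Mapping, Optional
from urllib.parse import urlparse


def require_https(url: str) -> str:
    """Return the URL unchanged if it is https://, otherwise refuse to proceed.
    Catching this in code is cheaper than discovering a plaintext endpoint in production."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"refusing insecure or malformed URL: {url!r}")
    return url


def secure_client_context() -> ssl.SSLContext:
    """TLS context that checks the certificate chain and hostname and refuses
    anything older than TLS 1.2. create_default_context() already verifies;
    the explicit settings make the policy visible and harder to weaken by accident."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True only if the context still enforces the policy above (a cheap self-check)."""
    return (
        ctx.check_hostname
        and ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    )


def hsts_max_age(headers: Mapping[str, str]) -> int:
    """Parse the Strict-Transport-Security header (case-insensitive lookup).
    Returns the max-age in seconds, or 0 if the server did not send HSTS,
    meaning browsers are not told to remember that this host must use HTTPS."""
    value: Optional[str] = None
    for name, val in headers.items():
        if name.lower() == "strict-transport-security":
            value = val
            break
    if not value:
        return 0
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return 0


# Constructed sample headers for the demonstration
GOOD_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
BAD_HEADERS = {"Content-Type": "text/html"}


if __name__ == "__main__":
    print(require_https("https://api.example.com/login"))
    print("strict context:", context_is_strict(secure_client_context()))
    print("HSTS max-age:", hsts_max_age(GOOD_HEADERS), hsts_max_age(BAD_HEADERS))
```

Pass the context from secure_client_context() to whatever HTTP client the app uses (for example the `context=` argument of urllib.request.urlopen); a missing or zero HSTS max-age is a finding to raise with whoever runs the server, not a reason for the client to fall back to HTTP.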

Password Strength, Frequency & Notifications

Passwords act as the first line of defence against unauthorized access. It goes without saying that a stronger password puts your users in a stronger position, but strength is about how hard the password is to guess, not length alone: a long password built from a dictionary word and a year is still weak, while one that is long and unpredictable is strong. Probably one of the biggest clichés in the book, but it is about the quality of the password rather than just the quantity.

It’s all about finding the balance when it comes to assisting your users with their passwords, either actively or passively doing so:

Actively – Actively assisting means encouraging your users to change their passwords on a regular basis. If you use Microsoft Outlook you’ll be familiar with how it asks you to change your password semi-regularly, with timely reminders every day for a month so that you’re not caught out on day zero (we’ve all been there!). Bear in mind that forced rotation on a fixed schedule tends to push users towards predictable variations of the old password; current guidance (NIST SP 800-63B) is to require a change when a compromise is known or suspected rather than on a timer.

Passively – Passively assisting means implementing features that don’t put extra responsibility on the user. Banking apps are a prime example of asking users to do as little as possible with maximum effect. For instance, NatWest’s online banking app ties a user’s login to that particular smartphone when it is first set up, which means that users don’t have to remember their account number to log in, but rather a short memorable passcode.
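A password check that follows the "quality, not just quantity" point above, as an added example (not the article’s own code): it rejects short entries, entries found in a breached-password list, entries containing the username and obvious repetition, and uses a rough entropy estimate as a final filter. The breached list here is a constructed handful of entries; a real deployment would check against a proper breach corpus.

```python
import math
import re
from typing import List

# Constructed sample of leaked passwords for the demonstration. In production
# check against a real breach corpus instead of this short list.
BREACHED = {"password", "123456", "qwerty", "letmein", "welcome1", "p@ssw0rd"}

MIN_LENGTH = 12          # assumed policy value for the example
MIN_ENTROPY_BITS = 50.0  # assumed policy value for the example


def estimated_entropy_bits(pw: str) -> float:
    """Upper-bound strength estimate: log2(pool size) per character, where the
    pool is the union of character classes actually used. This overstates the
    strength of dictionary phrases, which is why the breach list check comes first."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        pool += 33  # printable ASCII punctuation and space
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str, username: str) -> List[str]:
    """Return the reasons a candidate password is rejected; an empty list means accepted."""
    problems: List[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in BREACHED:
        problems.append("appears in breached-password list")
    if username and username.lower() in pw.lower():
        problems.append("contains the username")
    if re.search(r"(.)\1{3,}", pw):
        problems.append("repeated characters")
    if estimated_entropy_bits(pw) < MIN_ENTROPY_BITS:
        problems.append("too predictable")
    return problems


if __name__ == "__main__":
    # Constructed candidates for the demonstration
    for candidate in ("password", "Alice2024!!!!", "correct horse battery staple"):
        print(repr(candidate), "->", check_password(candidate, "alice") or "accepted")
```

Note that the short "complex" candidate fails on several counts while the long, plain passphrase passes, which is the point the paragraph above makes: length helps only when the extra characters are unpredictable.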

Notifications are also a great way to let users know of any unusual activity. If you attempt to access a service (Gmail, for example) from an unrecognised device, you are automatically made aware of it. Not only does this let the user act quickly if the sign-in wasn’t theirs, it is also a sign of impeccable customer service.
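The unrecognised-device notification described above, as an added example rather than the article’s or any provider’s code: each install presents a per-install token, the server derives an opaque device identifier from it with an HMAC so the raw token never appears in logs or messages, and a sign-in from an identifier the user has not used before produces a notification. The first device a user signs in from is treated as enrolment and is recorded silently; the server key and the user agents are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Set, Tuple

# Assumption for the example: in production this lives in a secrets manager,
# never in source code.
SERVER_KEY = b"replace-with-a-random-32-byte-secret"


def device_id(user_agent: str, device_token: str) -> str:
    """Opaque identifier for one install. HMAC-SHA256 over the per-install token
    and user agent; truncated to 16 hex characters for readability in messages."""
    msg = f"{device_token}|{user_agent}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]


class LoginMonitor:
    """Tracks which devices each user has signed in from and emits a notification
    for any device not seen before."""

    def __init__(self) -> None:
        self.known: Dict[str, Set[str]] = {}        # username -> known device ids
        self.notifications: List[Tuple[str, str]] = []  # (username, message) queue

    def record_login(self, username: str, user_agent: str, device_token: str) -> Optional[str]:
        """Register a successful login. Returns the notification text for an
        unrecognised device, or None if the device is known or this is the user's first."""
        did = device_id(user_agent, device_token)
        seen = self.known.setdefault(username, set())
        if did in seen:
            return None
        first_device = not seen
        seen.add(did)
        if first_device:
            return None  # enrolment: nothing to compare against yet
        message = (
            f"New sign-in to your account from an unrecognised device "
            f"({user_agent}, id {did}). If this wasn't you, change your password now."
        )
        self.notifications.append((username, message))
        return message


if __name__ == "__main__":
    # Constructed sign-in sequence for the demonstration
    monitor = LoginMonitor()
    monitor.record_login("alice", "MyApp/2.1 (iPhone)", "tok-A")
    monitor.record_login("alice", "MyApp/2.1 (iPhone)", "tok-A")
    print(monitor.record_login("alice", "MyApp/2.1 (Android)", "tok-B"))
```

In a real system the notification queue would feed an e-mail or push sender, and the known-device set would be persisted per user with a way for the user to review and revoke devices.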

Fundamentally, the last thing you want to do is make your users suffer over their passwords. Be firm but fair, and make clear that choosing and changing their passwords is in their own interest. After all, it is their data that is at risk.

Monitoring & Updating Software

Monitoring your application through app analytics, access logs and bug-tracking software gives you a good chance of spotting bugs and unusual behaviour (repeated failed logins, malformed requests, sudden bursts of server errors) before somebody turns them into an exploit.
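The kind of check that monitoring paragraph implies, run over a few access-log lines, as an added example (not the article’s own code): parse combined-format log lines, then flag a burst of failed logins from one address, request paths that look like traversal or injection attempts, and server errors that belong in the bug tracker. The log lines and the thresholds are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample lines in combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "POST /api/login HTTP/1.1" 401 52 "-" "MyApp/2.1"
198.51.100.7 - - [10/Oct/2023:13:56:02 +0000] "GET /api/profile HTTP/1.1" 200 1843 "-" "MyApp/2.1"
198.51.100.9 - - [10/Oct/2023:13:57:14 +0000] "GET /api/../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:58:40 +0000] "GET /api/orders?id=1%27%20OR%201%3D1 HTTP/1.1" 500 0 "-" "MyApp/2.1"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Crude signatures for the demonstration: traversal, encoded quote / equals
# (injection probes), script tags and a classic target file.
SUSPICIOUS_PATH = re.compile(r"\.\./|%27|%3D|<script|/etc/passwd", re.IGNORECASE)


def parse(log_text: str) -> List[Dict[str, str]]:
    """Turn each well-formed log line into a dict of fields; skip lines that don't match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def findings(events: List[Dict[str, str]], auth_fail_threshold: int = 5) -> List[str]:
    """Apply three simple detections and return one message per finding."""
    out: List[str] = []
    fails = Counter(e["ip"] for e in events if e["status"] == "401")
    for ip, n in fails.items():
        if n >= auth_fail_threshold:
            out.append(f"possible credential stuffing: {n} failed logins from {ip}")
    for e in events:
        if SUSPICIOUS_PATH.search(e["path"]):
            out.append(f"suspicious request from {e['ip']}: {e['method']} {e['path']}")
    for e in events:
        if e["status"].startswith("5"):
            out.append(f"server error on {e['path']} from {e['ip']}: file in bug tracker and check input handling")
    return out


if __name__ == "__main__":
    for line in findings(parse(SAMPLE_LOG)):
        print(line)
```

The same three functions work unchanged on a real file read line by line; the thresholds and signatures are the parts you would tune for your own traffic.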

Fixes reach your users as app updates. As frustrating as update prompts may seem to them, updates are vital for your app’s protection and consistency. In the event that you find a flaw (through your analytics, access logs or bug tracker) that could be exploited by a hacker, fix it and ship the update as soon as possible, so that you minimise the window in which an attack is possible.

The time it takes to fix a bug depends on two things: identifying the problem and then fixing it, which together can range from hours to days.

Android and iOS also differ in how long it takes to get a new version into users’ hands. At the time of writing Android is notably the faster platform, publishing in around 40 minutes, whereas iOS review can take up to a week. Plan for that delay when a security fix is involved; Apple allows developers to request an expedited review for critical fixes.

Also, listen to your user base. Your loyal followers use your app day to day, and if they report that something is wrong, take their feedback seriously.