Mobile security: Mobile apps can be a security time bomb


There’s a common misconception that once an app is developed, it should be set in stone. We strive to achieve that as much as possible, but as technology changes, the program has to be updated to keep up. Updates are critical to keep the app working and to give users a better experience. But most of all, updates are a major factor in mobile security.

The problem with automatic updates and mobile security

Automatic updates are an important feature of modern smartphones. But many people turn off auto updates on their mobile devices. In fact, if you Google “how to disable automatic updates on smartphone,” you’ll get 31.6M results!

Users turn off their auto updates because the apps often update via the cellular signal, and they get charged data fees. Transferring huge amounts of data can run down their batteries faster, as well. And some people just don’t like their favorite apps to be messed with—an “improvement” can introduce new bugs or take away a feature they really love.

One of our clients refused to update his phone from iOS7 to iOS8. He said, “If I do it now, then it’s going to cause my whole system to reboot. And if I reboot now, I’ll miss phone calls.”

The dangers of not updating your apps

The risks of disabling your automatic updates can be much worse than the benefits, especially when it comes to mobile security. Your smartphone depends on those auto updates to keep your data secure. Let’s say you’re using a banking app. If you turn off your updates, you won’t get the most updated encryption for the app. That can cause problems, because if you’re on a free wi-fi, someone can sniff it, come through, and grab your information.

We live on the phone. We live on our apps. We’re starting to use wearable technology now. Mobile apps are practically our lifeline, and if the data you keep on them isn’t secure, you’re playing Russian roulette with your phone.

The number one danger of not updating your mobile apps is identity theft. Amazingly, a lot of people store their social security numbers and account numbers in their Contacts list, in the Notes section. They’ll mix the numbers up, but it only takes a little work to figure out the right combination. Identity thieves can crawl through your Contacts and steal that personal information.

If you’re doing work that involves proprietary information, and your work email is on your personal phone, that’s tappable. People can get into that and steal any proprietary information in your emails. They can look at the actual email and see what you wrote.

Other ways to protect your data

Updating your apps is a must, but it’s not the only thing you should do to protect yourself. Here are a few other ways to keep your data safe:

  • Download security apps. I recommend Defenx Security Suite or the Max security app for iOS.
  • Double-encrypt your passwords and use tougher passwords to crack.
  • Don’t connect to the free Wi-Fi networks to do any sensitive work/browsing. You never know when there is a hacker sniffing the network for people on Wi-Fi.
  • Connect via VPN, either from work or through an app such as secure wireless for Android:
  • Be cautious of any “free Wi-Fi” in a well-populated area. You don’t know anything about the network, and it could be a hacker using their own access point. Once you’re connected to it, your phone becomes part of that network and they can see anything they want from within your phone. So stay away from any plainly named hotspot such as “Free WiFi” that doesn’t require a password.

One final word about Wi-Fi hotspots: Generally speaking, any Wi-Fi hotspot that needs a password should already have security measures built in so that hackers can’t sniff into the network. This is good for the customer using the free Wi-Fi, like at Panera Bread or Starbucks. A company that large will have security measures in place to protect themselves, as well as their customers.

You need to be active on a public Wi-Fi to be open to attack. If your device is Wi-Fi enabled but you’re not using it, hackers won’t have access.

Next steps

hbspt.cta.load(2637494, ‘7be9b60b-533e-4a11-9fb1-d6f541024810’, {});