Mobile apps practically have a target painted on their back. Promon’s recent vulnerability discovery, dubbed “StrandHogg 2.0”, is the latest example of what dangerous malware could do if the flaw were exploited in the wild: possibly exposing Android users’ mobile banking credentials and accessing one-time passwords sent via SMS.
While the potential for damage is pretty clear, there are steps app developers can take to protect apps and users against threats such as these. Android users should update their device to the latest version of Android. Unfortunately, depending on the device manufacturer and the user’s service provider/carrier, that may not be possible. This is why app developers, and especially developers of mobile financial services apps, need to take note.
This latest vulnerability serves as a reminder that there’s no reliable way to know the precise security status of the mobile devices on which your mobile app operates. Developers have no real way of knowing whether a user’s device is riddled with vulnerabilities or compromised with malware. This is why advanced security such as app shielding and runtime protection, which travels with the app to defend it even in hostile conditions, is crucial to a complete, layered approach to mobile app security.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.