How to prevent your mobile app from getting hacked

TriviaCrack may be addictive for users, but criminals are hooked on getting your personal information from the other apps you use.

Credit: Steve Traynor/IDG
Trivial matter?

The average user has somewhere between 26 and 55 applications installed on their smartphone. Most likely you have entertainment and gaming apps, a banking app, a few social media apps, fitness apps, and eCommerce apps for shopping at your favorite stores.

While you probably don’t care if an app like TriviaCrack gets hacked, many of your apps hold information you wouldn’t want anyone else to access: your location, your credit and debit card details, and your photos.

As a user, there are actions you can take to keep your apps secure; as a developer, you need to follow certain practices so that the application’s code and data can’t be compromised. Keval Baxi, CEO of Codal, walks through ways to shore up your apps.

Credit: Thinkstock
Use a token-based authentication to access APIs

Many mobile applications do not authenticate API requests properly, and that is how data leaks. A “token” is an opaque string that means nothing on its own; the server issues it once the user has proven who they are, and its value lies in the server being able to verify it on every later request. With token-based authentication, every API request carries the token, the server checks its authenticity and expiry before doing any work, and a request without a valid token gets nothing back. The password is presented once, at login, never on every call; tokens should be short-lived, revocable on logout, and only ever sent over an encrypted connection.
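The server side of the scheme described above, as an added example (this is not code from the article or from Codal): the server signs a short-lived token with HMAC-SHA256 at login, and every API call must present it in an `Authorization: Bearer` header. The `API_TOKEN_KEY` environment variable, the `issue_token`/`verify_token`/`handle_request` names and the 15-minute lifetime are assumptions for the example, not anything the article specifies.

```python
"""Token-based API authentication, server side.

Added example (not code from the article or from Codal). Standard library only.
The server issues an opaque, HMAC-signed, short-lived token at login; every API
request must present it in an Authorization header and is refused otherwise.
"""
import base64
import binascii
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional, Tuple

# Assumption: in production the signing key comes from a secrets manager, never
# from source control. With no API_TOKEN_KEY set we fall back to a random
# per-process key, so tokens will not survive a restart of this demo.
SERVER_KEY = os.environ.get("API_TOKEN_KEY", "").encode() or secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 15 * 60  # short-lived; a refresh token would extend the session


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, now: Optional[float] = None) -> str:
    """Return '<b64 payload>.<b64 HMAC-SHA256 tag>' for an authenticated user."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + TOKEN_TTL_SECONDS,
              "jti": secrets.token_hex(8)}  # jti lets the server revoke one token
    payload = json.dumps(claims, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(tag)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time; rejects any edit
        return None
    claims = json.loads(payload)  # safe: the MAC proved we produced this payload
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def handle_request(headers: dict, now: Optional[float] = None) -> Tuple[int, str]:
    """Gate an API call on 'Authorization: Bearer <token>'; 401 until verified."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "missing bearer token"
    user = verify_token(token, now)
    if user is None:
        return 401, "invalid or expired token"
    return 200, f"profile for {user}"


if __name__ == "__main__":
    tok = issue_token("alice")
    print(handle_request({"Authorization": f"Bearer {tok}"}))  # (200, 'profile for alice')
    print(handle_request({}))                                    # (401, 'missing bearer token')
```

Two details matter more than the rest: the tag comparison uses `hmac.compare_digest` so a forger learns nothing from timing, and the payload is only parsed after the tag has been verified, so the server never acts on bytes it did not sign. A forged payload (say, `sub` changed to another user) paired with a genuine tag fails the first check.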

Credit: Thinkstock
Use the platform keychain (iOS Keychain Services, Android Keystore) to store sensitive information

A keychain on a mobile device is the operating system’s secure storage container for small secrets: login credentials, session tokens and encryption keys. On iOS this is Keychain Services (iCloud Keychain is the user-facing service that syncs those items between devices); the Android equivalent for app secrets is the Keystore system, while the Android KeyChain API is meant for system-wide certificates and private keys rather than app data. Developers should leverage this feature of the operating system rather than storing secrets themselves in .plist files or NSUserDefaults, which sit unencrypted inside the app sandbox and can be read out of a device backup. Storing a session token in the keychain also means the user doesn’t have to log in every time the application is opened, without the user’s password ever being kept on the device. Pick the most restrictive accessibility option you can, such as items that are readable only while the device is unlocked and are tied to this device only.


Credit: Steve Traynor/IDG
Use encryption while saving any user data in local database

Encryption turns readable data (plaintext) into ciphertext that is useless to anyone who does not hold the key. To read it back you need either the secret key itself or a password from which the key is derived. Encrypting records before they are written to the local database means that a lost or stolen device, an extracted backup, or another app with filesystem access gets only ciphertext, which makes encryption one of the most effective ways to protect data at rest. The protection is only as good as the key’s storage: a key hard-coded in the app or saved next to the database defeats the purpose, so keep it in the keychain/keystore, and use an authenticated mode (such as AES-GCM) so that a modified record is rejected rather than silently decrypted into garbage.
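A worked version of the record encryption described above, as an added example rather than the article’s or Codal’s code. It uses only the Python standard library, which has no AES, so the cipher is HMAC-SHA256 run in counter mode as a keystream with a separate HMAC tag (encrypt-then-MAC); that construction is sound because HMAC is a PRF, but it is nonstandard, and a shipping app should call the platform’s AES-GCM instead. The passcode, the card number, the function names and the 200,000 PBKDF2 iterations are constructed for the example. What carries over unchanged is the structure: a per-install salt, a key derived from the user’s secret, a fresh nonce per record, an authentication tag, and a hard failure on tampering.

```python
"""Encrypt user records before they reach the app's local database.

Added example, not the article's code. Standard library only, so the cipher is
HMAC-SHA256 run in counter mode as a keystream plus a separate HMAC tag
(encrypt-then-MAC). A shipping app should call the platform's AES-GCM
(CryptoKit/CommonCrypto on iOS, javax.crypto on Android); the structure shown
here is the part that carries over.
"""
import hashlib
import hmac
import secrets
import sqlite3
from typing import Tuple

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def derive_keys(passcode: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a low-entropy passcode into independent encryption and MAC keys.

    The salt is random per install and may sit next to the database; the derived
    keys belong in the keychain/keystore, never in the database itself.
    """
    material = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 200_000, dklen=2 * KEY_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Concatenate PRF(key, nonce || counter) blocks; unique per (key, nonce)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def encrypt_record(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per record is mandatory."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_record(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first (constant time), then decrypt. Raises on tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short to be valid")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified record")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def demo() -> dict:
    """Store a card number encrypted in an in-memory SQLite table, read it back,
    and show that a flipped bit is detected rather than silently decrypted."""
    salt = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys("user-passcode-1234", salt)  # constructed input
    card = b"4111 1111 1111 1111"                                  # constructed test value
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (id INTEGER PRIMARY KEY, blob BLOB)")
    db.execute("INSERT INTO cards (blob) VALUES (?)", (encrypt_record(enc_key, mac_key, card),))
    (stored,) = db.execute("SELECT blob FROM cards").fetchone()
    tampered = bytearray(stored)
    tampered[NONCE_LEN] ^= 0x01  # flip one bit of the first ciphertext byte
    try:
        decrypt_record(enc_key, mac_key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "plaintext_on_disk": card in stored,
        "recovered": decrypt_record(enc_key, mac_key, stored),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    print(demo())
```

Note the order in `decrypt_record`: the tag is checked before a single byte is decrypted, and the tag covers the nonce as well as the ciphertext, so an attacker who edits either gets a rejection, not a plausible-looking wrong value.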


Credit: ar130405
Use the fingerprint lock for an app login, instead of a username and password

According to Apple, the probability that a random person’s fingerprint matches yours on Touch ID is 1 in 50,000, versus 1 in 10,000 for guessing a four-digit passcode, and Touch ID allows only five failed attempts before it falls back to the passcode. That makes a fingerprint login far harder to brute-force than a traditional passcode. A fingerprint is tied to the user, whereas a password can be shared, guessed or reused across sites. As of iOS 8, Apple opened Touch ID to developers through the LocalAuthentication framework in the SDK (software development kit). Be clear about what the check does: it is a local gate that releases a credential stored in the keychain. The fingerprint itself never leaves the device and is never sent to your server, so the app still needs a server-issued token behind it, plus a passcode fallback for users whose finger isn’t recognized.


Credit: Steve Traynor/IDG
Notifications for suspicious activity

When a user logs in from a new device or from an unfamiliar location, the app can notify the user by email, text message or push notification and ask them to confirm the login was theirs. Very few apps do this; Gmail is one that does. The notification means the user finds out about an account takeover as it happens, and an “it wasn’t me” response gives you a trigger to revoke the session token and force a password reset. This is server-side work: record the device identifier and approximate location of each confirmed login and compare every new login against that history.
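The detection half of that idea, as an added example (not the article’s code): a per-user history of confirmed devices and countries, a check that reports why a login looks new, and the alert text. The login events are constructed sample data; `device_id` stands for the app’s install identifier and `country` for a server-side GeoIP lookup of the client address, both assumed here.

```python
"""Detect a login from a new device or a new location and draft the alert.

Added example, not the article's code. The events below are constructed sample
data; in a real deployment device_id is the app's install identifier and
country comes from a GeoIP lookup of the client IP on the server.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class LoginEvent:
    user: str
    device_id: str
    country: str
    ts: int


@dataclass
class KnownHistory:
    devices: Set[str] = field(default_factory=set)
    countries: Set[str] = field(default_factory=set)


History = Dict[str, KnownHistory]


def assess_login(history: History, ev: LoginEvent) -> List[str]:
    """Return the reasons this login deserves a confirmation prompt (empty = none).

    The first login ever for a user sets the baseline. Assessment does not mutate
    history: a device becomes trusted only after the user confirms (confirm_login);
    otherwise an attacker's first login would whitelist their own device.
    """
    known = history.get(ev.user)
    if known is None:
        return []
    reasons = []
    if ev.device_id not in known.devices:
        reasons.append("new device")
    if ev.country not in known.countries:
        reasons.append(f"new location: {ev.country}")
    return reasons


def confirm_login(history: History, ev: LoginEvent) -> None:
    """Record the device and location once the user confirmed (or no prompt was needed)."""
    known = history.setdefault(ev.user, KnownHistory())
    known.devices.add(ev.device_id)
    known.countries.add(ev.country)


def notification_text(ev: LoginEvent, reasons: List[str]) -> str:
    """Body for the email/SMS/push channel; it carries no secrets or tokens."""
    return (f"New sign-in to your account from {ev.country} ({', '.join(reasons)}). "
            "If this was you, no action is needed. If not, tap 'This wasn't me' "
            "to sign out all devices and reset your password.")


def run_sample() -> List[List[str]]:
    """Replay constructed login events and return the reasons found per event."""
    events = [
        LoginEvent("alice", "dev-A", "US", 1),   # first login: baseline, no alert
        LoginEvent("alice", "dev-A", "US", 2),   # same phone, same country
        LoginEvent("alice", "dev-B", "US", 3),   # new phone
        LoginEvent("alice", "dev-B", "BR", 4),   # known phone, unexpected country
        LoginEvent("alice", "dev-C", "JP", 5),   # both unknown
    ]
    history: History = {}
    results = []
    for ev in events:
        reasons = assess_login(history, ev)
        results.append(reasons)
        if reasons:
            print(notification_text(ev, reasons))
        confirm_login(history, ev)  # simulate the user confirming each prompt
    return results


if __name__ == "__main__":
    print(run_sample())
```

Keeping `assess_login` free of side effects is the point of the split: if the app remembered a device the moment it was seen, the attacker’s login would become the trusted baseline before the legitimate user had a chance to say no.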

Credit: Thinkstock
Always use HTTPS (TLS)

Installing a TLS certificate on the server (still widely called “SSL”, although the SSL protocol itself is obsolete) lets the app talk to it over HTTPS, which should be the only transport the app ever uses. HTTPS keeps an intruder on the same Wi‑Fi network or anywhere along the path from reading or altering the data exchanged between the app and its server. Two caveats: the protection only holds if the client actually verifies the server’s certificate and hostname, so never ship code that switches those checks off to get past a test environment; and pinning the server’s certificate or public key in the app defends against a rogue or compromised certificate authority, at the cost of having to update the app when the key rotates.
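The weak and the corrected client configuration side by side, plus the check a reviewer would run against them, as an added example (not the article’s code). It uses Python’s `ssl` module to make the settings concrete; the same three properties, certificate verification, hostname checking and minimum protocol version, exist in every mobile HTTP stack. The `cert_pin` helper pins the SHA-256 of the full DER certificate for simplicity (pinning the public key instead survives certificate renewals); the function names and the `fetch_over_tls` request format are assumptions for the example.

```python
"""TLS settings for the app's API client: the weak configuration that slips
into shipped apps beside the hardened one, and a check that tells them apart.

Added example, not the article's code. Uses Python's ssl module for the
settings; the properties shown exist in every mobile HTTP stack.
"""
import hashlib
import socket
import ssl
from typing import List, Optional, Set


def insecure_context() -> ssl.SSLContext:
    """What 'fixing' a certificate error in a test environment often leaves
    behind: any certificate is accepted, so an interception proxy is invisible."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE     # the actual hole: no certificate validation
    return ctx


def hardened_context() -> ssl.SSLContext:
    """System trust store, certificate and hostname verification on, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """The review check: list every weak setting; an empty list means acceptable."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification disabled")
    if not ctx.check_hostname:
        problems.append("hostname check disabled")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("TLS below 1.2 allowed")
    return problems


def cert_pin(der_cert: bytes) -> str:
    """SHA-256 of the server's DER certificate: the value you would pin in the app."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_over_tls(host: str, path: str = "/", pins: Optional[Set[str]] = None) -> bytes:
    """Open a verified HTTPS connection and, if pins are given, refuse any server
    certificate whose hash is not pinned (defends against a rogue CA). Needs network."""
    ctx = hardened_context()
    with socket.create_connection((host, 443), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            if pins is not None and cert_pin(tls.getpeercert(binary_form=True)) not in pins:
                raise ssl.SSLError(f"certificate for {host} does not match the pinned hash")
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode())
            chunks = []
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
            return b"".join(chunks)


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
```

The two lines in `insecure_context` are the ones to grep for in a code review (and their equivalents on the platform, such as a trust manager that accepts every chain on Android or an App Transport Security exception on iOS). Because the pin check runs after `wrap_socket`, the chain has already been validated against the system trust store; pinning narrows the set of acceptable certificates further, it does not replace validation.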


Credit: Thinkstock
Defend against reverse engineering

Anyone who can download your app can pull it apart: decompile the binary, read the class and method names, and find hard-coded keys and API endpoints. You can raise the cost with obfuscation, renaming important classes and methods to meaningless identifiers at build time (via preprocessor macros on iOS, or ProGuard/R8 on Android), and by stripping the symbol table from the release build so the binary carries no readable names. Treat these as speed bumps rather than a wall: assume a determined attacker can read everything in the client, so keep secrets and sensitive logic on the server and never rely on a key embedded in the app.
