
12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common, especially against mobile applications, and an app that suffers a security breach can also suffer financial losses. With many attackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will more than double over the next few years, from $6 billion this year to $13.7 billion by 2026. The report further states, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security right. Here are 12 tips to secure your mobile application:

1. Install apps from trusted sources:

It is common for Android applications to be republished on alternate markets, or for their APKs and IPAs to be made available for download elsewhere. APK and IPA files can be downloaded and installed from a variety of places, including websites, cloud services, shared drives, and social media. Only the Play Store and the App Store should be treated as trustworthy installation sources. To prevent use of such sideloaded copies, the app should verify its installation source (Play Store or App Store) on startup.

Also read: https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker can run a mobile application on a rooted device and read its local memory, or invoke specific activities or intents, to perform malicious actions within the application.

iOS: On a jailbroken device, applications run as root outside the iOS sandbox. This allows an application to access sensitive data stored by other apps or to install malicious software, negating the protection the sandbox provides.

More on root detection: https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences (Android) and User Defaults (iOS) to store key-value pairs such as tokens, mobile numbers, email addresses, and boolean flags. For structured data, developers usually prefer SQLite databases. It is recommended to store such data in encrypted form, so that it is difficult for an attacker to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens should not be hardcoded in the source code. Use other techniques to store these values so that an attacker cannot obtain them quickly by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and recover the source code of the application. This can expose sensitive information embedded in the source code, which the attacker may then use to craft tailored attacks.

It is better to obfuscate the source code in order to protect the sensitive information contained in it.

6. Secure Communication:

When all communication happens over unencrypted channels, an attacker can intercept it and escalate their attacks from there. So always use HTTPS URLs rather than HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication to servers whose certificate matches an expected value (the pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates thwarts such phishing attempts by refusing to transmit data over a compromised connection.

Please refer to: https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for baseline protection of REST API calls. The information sent to or received from the server may additionally be encrypted, for example with AES. If only some contents are sensitive, you might choose to encrypt just those, so that even if HTTPS is somehow broken or misconfigured you still have another layer of protection from your own encryption.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a token the attacker generated, or capture the session with a MiTM attack, and then easily bypass the login page with that session.

i) Assign a distinct and complex session token to a user each time they log in to the application successfully. 

ii) Terminate the session immediately after logout. 

iii) Do not accept the same session token from two or more IP addresses. 

iv) Limit the expiry time of every session token.
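Server-side session handling that implements points i) to iv) above, as an added Python example (not code from the article; the in-memory store, the 15-minute TTL and the policy of revoking a token on IP mismatch are assumptions for the demo):

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

TOKEN_TTL_SECONDS = 15 * 60  # assumption for the demo: a session lives 15 minutes from login


@dataclass
class Session:
    user_id: str
    client_ip: str
    expires_at: float


class SessionStore:
    """Hypothetical in-memory store; a real service would keep this in a database or cache."""

    def __init__(self, ttl: float = TOKEN_TTL_SECONDS) -> None:
        self.ttl = ttl
        self._sessions: Dict[str, Session] = {}

    def login(self, user_id: str, client_ip: str, now: Optional[float] = None) -> str:
        """Tips i) and iv): a fresh, unpredictable token on every login, with a fixed expiry."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG, never derived from user data
        self._sessions[token] = Session(user_id, client_ip, now + self.ttl)
        return token

    def logout(self, token: str) -> None:
        """Tip ii): invalidate server-side at once, so a leaked token is useless after logout."""
        self._sessions.pop(token, None)

    def validate(self, token: str, client_ip: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id for a live session, else None. Tip iii): the token is bound to one IP."""
        now = time.time() if now is None else now
        session = self._sessions.get(token)
        if session is None:
            return None  # unknown, logged-out, or attacker-supplied token
        if now >= session.expires_at:
            self._sessions.pop(token, None)  # expired: drop it so it cannot be replayed later
            return None
        if session.client_ip != client_ip:
            self._sessions.pop(token, None)  # presented from another address: treat as stolen
            return None
        return session.user_id
```

Strict IP binding will log out mobile users whose address changes as they move between Wi-Fi and cellular, so many deployments bind the token to a device identifier instead or force re-authentication rather than silently rejecting the request.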

10. Allow Backup 

Do not allow users to back up an app that contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to read or modify the app's data even on a non-rooted device. So it is recommended to set allowBackup to false. 

11. Restrict accessing Android application screens from other apps

Ideally, your activities should not be openable from other services or applications. Set android:exported="true" only when you have a specific requirement for other apps to open your Flutter screens; otherwise set android:exported="false".
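An added audit script (not from the article) that checks an AndroidManifest.xml for the two settings in tips 10 and 11: allowBackup left enabled, and activities, services, receivers or providers reachable from other apps. The sample manifest is constructed for the demo, and the launcher activity is treated as the one component that legitimately must be exported.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(elem: ET.Element, name: str) -> Optional[str]:
    """Read an android:* attribute; ElementTree keys them by the full namespace URI."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_launcher(component: ET.Element) -> bool:
    """The launcher activity must be exported, so it is the one exported component not reported."""
    return any(android_attr(cat, "name") == "android.intent.category.LAUNCHER"
               for cat in component.iter("category"))


def audit_manifest(manifest_xml: str) -> List[str]:
    """Return findings for the allowBackup (tip 10) and exported-component (tip 11) checks."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return ["manifest has no <application> element"]
    findings: List[str] = []
    if android_attr(app, "allowBackup") != "false":
        findings.append('application: android:allowBackup is not "false" (it defaults to true, so app data can be read via adb backup)')
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        name = android_attr(comp, "name") or "<unnamed>"
        exported = android_attr(comp, "exported")
        if exported == "true" and android_attr(comp, "permission") is None and not is_launcher(comp):
            findings.append('%s %s: exported="true" with no android:permission; any app can invoke it' % (comp.tag, name))
        elif exported is None and comp.find("intent-filter") is not None:
            findings.append("%s %s: has an <intent-filter> but no explicit android:exported (implicitly exported on older targets; apps targeting Android 12+ fail to install)" % (comp.tag, name))
    return findings


# Constructed sample manifest (not from the article): one hardened component, several weak ones.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <application android:allowBackup="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/><category android:name="android.intent.category.LAUNCHER"/></intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
    <receiver android:name=".DebugReceiver" android:exported="true"/>
  </application>
</manifest>"""
```

Running `audit_manifest(SAMPLE_MANIFEST)` reports the backup flag, the DeepLinkActivity with no explicit exported attribute, and the unprotected DebugReceiver, while the launcher activity, the non-exported settings screen and the permission-guarded service pass.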

12. Restrict installing packages from the Android application

The REQUEST_INSTALL_PACKAGES permission allows an app to install new packages on the user's device. Google Play's developer policy states that Google is committed to preventing abuse on the Android platform and to protecting users from apps that self-update by any method other than Google Play's update mechanism or that download harmful APKs.

Conclusion: 

Mobile apps have become more personalized than ever before, with heaps of customers' personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for companies, it is now crucial to make sure the application is secure for the user. Following the mobile app security checklist above will definitely help prevent attackers from compromising the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.


Retention playbook for Insurance firms in the backdrop of financial crises

4 minutes read

Belonging to one of the oldest industries in the world, Insurance companies have weathered multiple calamities over the years and have proven themselves to be resilient entities that can truly stand the test of time. Today, however, the industry faces some of its toughest trials yet. Technology has fundamentally changed what it means to be an insurer and the cumulative effects of the pandemic coupled with a weak global economic output have impacted the industry in ways both good and bad.

[Figure: line chart. Source: Deloitte Services LP Economic Analysis]

For instance, the U.S. market recorded a sharp dip in GDP in the wake of the pandemic, and it was expected that the economy would bounce back, bringing with it a resurgent demand for all products (including insurance) across the board. It must be noted that the outlook toward insurance products changed as a result of the pandemic. Life insurance products were no longer an afterthought, although profitability in this segment declined over the years. Property-and-Casualty (P&C) insurance, especially motor insurance, continued to be a strong driver, while health insurance proved to be the fastest-growing segment, with robust demand from different geographies.

Simultaneously, the insurance industry finds itself on the cusp of an industry-wide shift as technology is starting to play a greater role in core operations. In particular, technologies such as AI, AR, and VR are being deployed extensively to retain customers amidst this technological and economic upheaval.

Double down on digital

For insurance firms, IT budgets were almost exclusively dedicated to maintaining legacy systems, but with the rise of InsurTech, it is imperative that firms start dedicating more of their budgets towards developing advanced capabilities such as predictive analytics, AI-driven offerings, etc. Insurance has long been an industry that makes extensive use of complex statistical and mathematical models to guide pricing and product development strategies. By incorporating the latest technological advances with the rich data they have accumulated over the years, insurance firms are poised to emerge stronger and more competitive than ever.

Using AI to curate a bespoke customer experience

Insurance has always been a low-margin affair and success in the business is primarily a function of selling the right products to the right people and reducing churn as much as possible. This is particularly important as customer retention is normally conceived as an afterthought in most industries, as evidenced in the following chart.

[Figure: sunburst chart. Source: econconusltancy.com]

AI-powered tools (even with narrow capabilities) can do wonders for the insurance industry at large. When architected in the right manner, they can be used to automate the bulk of the standardized processes that insurance companies have. AI can be used to automate and accelerate claims, assess homeowner policies via drones, and facilitate richer customer experiences through sophisticated chatbots. Such advances have a domino effect of increasing CSAT scores, boosting retention rates, reducing CACs, and ultimately improving profitability by as much as 95%.

Crafting immersive products through AR/VR

Customer retention is largely a function of how good a product is, and how effective it is in solving the customers’ pain points. In the face of increasing commodification, insurance companies that go the extra mile to make the buying process more immersive and engaging can gain a definite edge over competitors.

Globally, companies are flocking to implement AR/VR into their customer engagement strategies, as it allows them to improve several aspects of the customer journey in one fell swoop. Relationship building, product visualization, and highly personalized products are some of the benefits that AR/VR confers on those who adopt it.

By honoring the customer sentiments of today and applying a slick AR/VR-powered veneer over its existing product layer, insurance companies can cater to a younger audience (Gen Z) by educating them about insurance products and tailoring digital delivery experiences. This could pay off in the long run by building a large customer base that could be retained and served for a much longer period.

The way forward

The Insurance industry is undergoing a shift of tectonic proportions as an older generation makes way for a new and younger one that has little to no perceptions about the industry. By investing in next-generation technologies such as AR/VR, firms can build new products to capture this new market and catapult themselves to leadership positions simply by way of keeping up with the times.

We have already seen how AR is a potential game-changer for the insurance industry. It is only a matter of time before it becomes commonplace.
