Mobile developers make the same mistake as web developers in the early 2000s
Mobile application developers are going through the same 'painful times' that web developers (webdevs) went through in the 1990s and 2000s, when input data validation led to many security issues. Although they have learned how to filter dangerous strings out of user input, some still make mistakes.
Business logic on the client side, like in 1999
New research published by two researchers from Texas A&M University shows that a problem many mobile applications have today is that their business logic (such as input data validation and user authentication) sits in the client-side components of the code and not on the server side.
This leaves many mobile application users vulnerable to even simple attacks, such as injecting malicious code through HTTP requests, which can be easily mitigated if the application's business logic is placed in the server-side components.
Not just a design error: this is a security bug in mobile applications
Leaving the business logic on the client side sounds like a design error but is actually a serious security issue. For example, an attacker who can analyze a mobile application can determine the format of the web request that is sent to the application's server after the user input has been verified. The attacker can then edit the parameters of that request to make it do something harmful.
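The mitigation described above, as an added example that is not from the article or the researchers' work: a server-side handler that repeats the checks the app has already performed and recomputes the result from its own data. The catalog, field names and limits are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side data: the server's own price list and limits.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("4.50")}
MAX_QTY = 10


class Rejected(ValueError):
    """Raised when a request fails server-side validation."""


def _same_amount(claimed, total):
    # A malformed client value must never crash the handler.
    try:
        return Decimal(str(claimed)) == total
    except InvalidOperation:
        return False


def price_order(request: dict, session_user: str) -> dict:
    """Rebuild the order from server data; never trust client-computed fields."""
    # Identity comes from the authenticated session, not from a request field.
    if request.get("user_id") != session_user:
        raise Rejected("user_id does not match authenticated session")
    sku = request.get("sku")
    if sku not in CATALOG:
        raise Rejected("unknown sku")
    qty = request.get("qty")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
        raise Rejected("qty out of range")
    total = CATALOG[sku] * qty  # price is recomputed, not read from the request
    claimed = request.get("total")
    # A mismatch means a stale or modified client; record it for monitoring.
    mismatch = claimed is not None and not _same_amount(claimed, total)
    return {"user": session_user, "sku": sku, "qty": qty,
            "total": total, "client_total_mismatch": mismatch}


# Constructed requests: one as the app would send it, one edited after the
# app's own validation had already run.
HONEST = {"user_id": "alice", "sku": "sku-100", "qty": 2, "total": "39.98"}
EDITED = {"user_id": "alice", "sku": "sku-100", "qty": 2, "total": "0.01"}

if __name__ == "__main__":
    print(price_order(HONEST, "alice"))
    print(price_order(EDITED, "alice"))
```

The edited request is still charged the server's price, and the mismatch flag gives monitoring a signal that a client sent values its own validation should not have produced.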
Millions of applications are at risk
The two researchers created the WARDroid system, which analyzes mobile applications to determine the format of their web requests and whether they are vulnerable to these types of attacks. WARDroid checked 10,000 randomly selected applications on the Google Play Store and 'detects API errors in more than 4,000 applications, including 1,743 applications using unencrypted HTTP protocols'.
WARDroid cannot by itself confirm that an application's communication pattern is vulnerable to attack, so the two researchers manually analyzed 1,000 randomly chosen applications that had been flagged, confirming that 962 of them use an API with a logic error. If the analysis were extended to the whole Play Store, they believe the number would be higher.