Mobile developers make the same mistake as web developers in the early 2000s
Mobile application developers who are going through 'painful times' are the same as web developers (webdevs) in the 1990s and 2000s when the input data validation led to many security issues. Although they learned how to filter out dangerous strings from user input, some still make mistakes.
Business logic towards customers like 1999
New research published by two researchers from Texas A&M University shows that a problem that many mobile applications today encounter belongs to business logic (business logic - such as appraisal of input data, authentication of people use) is in the client-side components of the code and not the server side.
This makes many mobile application users vulnerable to even simple attacks such as injecting malicious code from HTTP requests, which can be easily mitigated if the application's business logic is included in the component side. server.
Not only is the design error, this is a bug related to the security of mobile applications
Leaving the business logic on the client side sounds like a design error but is actually a serious security issue. For example, if an attacker can analyze a mobile application, determine the format of the web request sent to that application server after the user input is verified. It is then possible to edit the parameters of the request to perform bad behavior.
Millions of applications are at risk
The two researchers created the WARDroid system, analyzing a range of mobile applications to determine the format of the web request, and whether it was vulnerable to these types of attacks. WARDroid randomly checks 10,000 applications on Google Play Store and 'detects API errors in more than 4,000 applications, including 1,743 applications using unencrypted HTTP protocols'.
WARDroid does not have to make sure that the application's communication pattern is vulnerable to attack, so the two researchers have manually analyzed randomly 1,000 applications that have been warned, confirming that 962 applications use the API. there is a logical error. If they expand on both Play Store, they believe that the number will be more.
See more:
- 5 types of mobile applications should not be installed on smartphones
- These programming languages for the best mobile application development
- 5 free application building platforms do not need code
You should read it
- [Infographic] The trend of mobile application development will dominate 2019
- These programming languages for the best mobile application development
- What is Duo Mobile? Is it safe to use Duo Mobile?
- 11 things that programmers need to remember when they want to develop mobile applications
- 3DLUT mobile - Professional photo color correction app
- How to turn a website into a desktop and mobile application
- The Next Wave of Mobile Technology in 2023
- How to Become a Mobile Application Developer
May be interested
- Marvel's Best Games Evermany of marvel's video games have been loved since the early 2000s. if you want to play the role of superheroes like iron man, spider-man or hulk, then choose one of the top marvel's best games.
- Top hottest mobile game in early 2019these are the titles that are highly appreciated with beautiful graphics, creativity in combining gameplay and recreating old pc games.
- Chance to join Google Indie Games Accelerator, the program to create 'blockbuster' mobile game for Vietnamese developersgoogle indie games accelerator is a google program to train potential developers from asian countries like india, indonesia, malaysia, pakistan, philippines, singapore, thailand or vietnam so they can build , expand, release and trade successively next-generation mobile blockbuster titles.
- Optimize website with Mobile Seachnot only are web designers or developers, administrators need to quickly identify and adapt to many changes of the surrounding environment, thereby giving reasonable strategies to optimize the system. their website, here we are referring to the search market on mobile devices - mobile search ...
- Google confirmed the release of Android 5.0 Lollipop in early November 2014google has just confirmed it will release android 5.0 lollipop on november 3 in a report for developers. the notice notes developers that android 5.0 sdk is available for download.
- 7 absolute habits should not be done after waking up in the morningget up early but still do not change these 7 habits, your morning is still very tired and just want to go back to bed to ... continue to sleep.
- The most common mistake when writing a job application even a successful person suffersexperts who read more than 4,000 applications say that this is the biggest mistake when writing applications that even the most successful people get.
- Recruiting 'Z generation': 7 things managers need to knowgeneration z, digital generation or gen z is the general term for people born between the mid-1990s and the early 2000s, strongly influenced by electronic devices such as smartphones, tablets and the development of modern technology.
- iOS has 130,000 applications from Chinese developerschinese developers are taking up a large number of more than a million apps on the app store and are expected to continue to grow as apple expands in asia.
- 70% of developers choose Android as their main stopios may be the operating system that helps raise the level of high-end applications of many developers, but few know that android is really a dock that attracts the attention of most developers today.