Mobile developers make the same mistake as web developers in the early 2000s
Mobile application developers are going through the same 'painful times' that web developers (webdevs) went through in the 1990s and 2000s, when input data validation led to many security issues. Although web developers have since learned how to filter out dangerous strings from user input, some still make mistakes.
Client-side business logic, like in 1999
New research published by two researchers from Texas A&M University shows that a problem many mobile applications have today is that their business logic (such as validation of input data and authentication of users) sits in the client-side components of the code and not on the server side.
This leaves many mobile application users vulnerable to even simple attacks, such as injecting malicious code through HTTP requests, which could be easily mitigated if the application's business logic were placed in the server-side component.
Not only a design error: this is a mobile application security bug
Leaving the business logic on the client side sounds like a design error but is actually a serious security issue. For example, an attacker can analyze a mobile application and determine the format of the web requests it sends to its server after the user input has been validated. The attacker can then edit the parameters of a request to perform bad behavior.
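The example below is added here and is not from the researchers or from WARDroid. It sets a server handler that trusts values the app has already validated beside one that repeats every check on the server. The catalog, field names, limits and sample requests are all hypothetical.

```python
# Added example: server-side re-validation of a request the mobile client
# already "validated". All names and values here are hypothetical.
from decimal import Decimal

# Server-side source of truth (constructed sample data).
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("5.00")}
MAX_QTY = 10


def order_total_trusting_client(params: dict) -> Decimal:
    """Weak: assumes the app already checked everything and uses its values."""
    return Decimal(params["unit_price"]) * int(params["quantity"])


def order_total_validated(params: dict, session_user: str) -> Decimal:
    """Hardened: every rule the app enforces is enforced again on the server."""
    # Identity comes from the authenticated session, never from a request field.
    if params.get("user_id") != session_user:
        raise PermissionError("user_id does not match authenticated session")
    sku = params.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(params.get("quantity"))
    except (TypeError, ValueError):
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    # Price is looked up server-side; a client-supplied unit_price is ignored.
    return CATALOG[sku] * qty


def check(params: dict, session_user: str) -> str:
    """Return 'accepted <total>' or 'rejected: <reason>' for a request."""
    try:
        return f"accepted {order_total_validated(params, session_user)}"
    except (ValueError, PermissionError) as exc:
        return f"rejected: {exc}"


# Constructed requests: one as the app sends it, one edited after the app's checks ran.
FROM_APP = {"user_id": "alice", "sku": "sku-100", "quantity": "2", "unit_price": "19.99"}
EDITED = {"user_id": "alice", "sku": "sku-100", "quantity": "-3", "unit_price": "0.01"}

if __name__ == "__main__":
    print(order_total_trusting_client(EDITED))  # weak handler computes a negative total
    print(check(FROM_APP, "alice"))
    print(check(EDITED, "alice"))
```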
Millions of applications are at risk
The two researchers created the WARDroid system, which analyzes mobile applications to determine the format of their web requests and whether they are vulnerable to these types of attacks. WARDroid was run against 10,000 randomly selected applications on the Google Play Store and 'detects API errors in more than 4,000 applications, including 1,743 applications using unencrypted HTTP protocols'.
WARDroid cannot by itself make sure that an application's communication pattern is vulnerable to attack, so the two researchers manually analyzed 1,000 randomly chosen applications from those that had been flagged, confirming that 962 of them use an API with a logic error. If the analysis were extended to the whole Play Store, they believe the number would be higher.