How to prevent your mobile app from getting hacked

TriviaCrack may be addicting to users, but criminals are hooked on getting your personal information from other apps you use.

Steve Traynor/IDG

Trivial matter?

The average user has around 26 to 55 applications downloaded to their smartphone. Most likely, you have entertainment and gaming apps, a banking app, a few social media apps, fitness apps, and e-commerce apps to shop at your favorite stores.

While you probably don’t care if an app like TriviaCrack gets hacked, a lot of your apps have information that you wouldn’t want anyone else to access: your location, credit and debit card information, and photos.

As a user, there are actions you can take to make sure your apps are secure; from a development standpoint, you must consider certain protocols to ensure that the application’s code doesn’t get hacked. Keval Baxi, CEO of Codal, walks through ways to shore up your apps.


Use token-based authentication to access APIs

A lot of mobile applications do not use proper authentication methods, which is what leaks data. A “token” is a bit of data that doesn’t have much meaning by itself, but with the right tokenization system, it becomes a crucial aspect of securing your mobile app. Token-based authentication ensures that every API request to the server is verified for authenticity, and that the server responds to the request only once it is verified.
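The following is an added example, not code from the original article or from Codal, showing the server side of the check described above: a token is issued once at login, then verified on every API request before any response is built. The HMAC-signed token format, the function names and the constructed secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): a real server loads this from a secret store.
SECRET = b"constructed-demo-key-not-for-production"

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id, ttl=900, now=None):
    """Called once after a successful login: signed claims with an expiry."""
    now = time.time() if now is None else now
    payload = b64e(json.dumps({"sub": user_id, "exp": int(now) + ttl}).encode())
    sig = b64e(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())
    return payload + "." + sig

def verify_token(token, now=None):
    """Return the user id if the token is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison; the claims are parsed only after this passes.
        if not hmac.compare_digest(b64d(sig), expected):
            return None
        claims = json.loads(b64d(payload))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, KeyError, TypeError):
        return None  # malformed tokens are rejected, never raised to the caller

def handle_api_request(headers, now=None):
    """Verify first; only an authenticated request gets a real response."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = verify_token(token, now) if scheme == "Bearer" else None
    if user is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"user": user, "data": "account summary"}
```

The short expiry limits how long a stolen token stays useful, and the signature check means a client cannot edit the claims without the server noticing.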


Use Android KeyChain and iCloud Keychain to store sensitive information

A keychain on a mobile device is a secure storage container that keeps data such as logins, usernames and passwords for all of your applications. It’s better for developers to leverage this feature of the operating system for data storage, rather than storing it themselves via plist files or NSUserDefaults. Using the keychain also means the user does not have to log in every time the application is opened.



Use encryption while saving any user data in a local database

Encryption is the process of translating data and plaintext into a “secret code”, called ciphertext. To read ciphertext, you need either a password to decrypt it or a secret key, making encryption one of the most efficient ways to secure your data.



Use the fingerprint lock for an app login, instead of a username and password

According to Apple, the probability of a match on your fingerprint is 1 in 50,000, while the match for a four-digit passcode is 1 in 10,000. This makes a fingerprint login far more secure than using a traditional passcode. Every fingerprint is unique to the user, whereas a password is not. As of iOS version 8, Apple opened Touch ID to developers, making an API available in the SDK (software development kit).



Notifications for suspicious activity

When a user logs into an app from a new device, or from a new, unknown location, a notification can be sent to the user through email, text, or a push notification asking them to verify that the login was theirs. There are very few apps that do this, Gmail being one of them. Such a notification ensures that the user will be aware if a hack occurs.


Always use HTTPS (SSL)

Installing SSL on the server gives a developer the ability to use the HTTPS protocol, which should always be used for maximum security. HTTPS helps prevent an intruder from interfering with the transfer of data between an app and its server.



Defend against reverse engineering

It’s not impossible for developers to reverse engineer an app to take data and source code away. To prevent this from happening, you can confuse the hacker by changing the names of important classes and methods in the preprocessor. A second solution is to dissemble the symbol table after the project is complete.



Copyright © 2017 IDG Communications, Inc.
