Do you really know what’s inside your iOS and Android apps?

It’s time to audit your code, as it appears that some no-code/low-code functions used in iOS or Android apps may not be as secure as you thought. That’s the big takeaway from a report explaining that disguised Russian software is being used in apps by the US military, the CDC, the British Labour Party and other entities.

When Washington becomes Siberia

The problem is that code developed by a company called Pushwoosh has been distributed in thousands of apps on thousands of devices. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe that Pushwoosh was based in Washington when the developer is actually based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.

The company provides code and data processing support that can be used in apps to profile what smartphone app users do online and send personalized alerts. CleverTap, Braze, OneSignal and Firebase offer similar services. Now, to be fair, Reuters has no evidence that the data collected by the company has been misused. But the fact that the firm is based in Russia is problematic, as the information is subject to local data laws, which could pose a security risk.

It may not be, of course, but it’s unlikely that any developers involved in handling data that could be seen as sensitive would take that risk.

What is the background?

While there are many reasons to be suspicious of Russia at this point, I’m sure each nation has its own third-party component developers who may put user safety first. The challenge is to find out which ones do and which ones don’t.

The reason code like this from Pushwoosh is used in applications is simple: it’s about money and development time. Mobile application development can be expensive, so to reduce development costs, some apps use off-the-shelf code from third parties for certain tasks. Doing so keeps costs down, and since we’re moving pretty quickly toward no-code/low-code development environments, we’re going to see more of these types of building blocks for app development.

Copyright © 2022 IDG Communications, Inc.
