"Mobile apps are ignoring the improvements that web browsers have made in protecting our privacy and security. Some of the fault lies with the HTML and HTTP that underlies the web. HTTP becomes creaky once you try to implement strong authentication mechanisms on top of it, mostly because of our friend the cookie. Some fault lies with app developers. For example, Twitter provides a setting to ensure you always access the web site with HTTPS. However, third-party apps that use Twitter’s APIs might not be so diligent. While your password might still be protected with HTTPS, the app might fall back to HTTP for all other traffic — including the cookie that identifies you."
source: http://mashable.com/2011/05/31/https-web-security/
As apps flood the market, keeping up with security issues is tough for developers, and the gaps they miss can leave users vulnerable without anyone realizing it. "The question that is not heavily examined during this app gold rush is whether the apps themselves have vulnerabilities or holes. Not even Apple's tightly controlled app store has the time, technology or motivation to look for vulnerable applications. The result is that even if you trust the application developer, the application might have unintended holes that create a pathway for hackers. Mobile phones are an attractive target: they process logins for our bank account, have access to a ton of bandwidth (creating mobile botnet potential), and have just as enticing information as a PC does. Even more interesting is that they are a real gateway into enterprises: if somebody wrests control of your mobile phone, they might parlay it into accessing enterprise servers that trust the device."
This also is a big problem for businesses because so many employees are using their smartphones at work. "These indicators have pushed businesses to start focusing on enterprise defense strategies in a world where employee owned mobile devices are storming into the workplace. In a recent survey conducted by RSA Conference, the world’s largest information security conference, ninety-three percent of security professionals believe mobile devices pose a security threat to their organization. Protecting against weaknesses introduced by insecure applications from trusted providers is one of the biggest open questions."
Bottom line is that it can be risky to use apps, especially third-party ones, for sharing important information, but they are fine for the light stuff. Updating apps when needed is a good idea because these updates often fix identified security issues. Also remember to regularly change your passwords on important accounts and email addresses to help protect your information.
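For developers who want to check their own app for the HTTP fallback described in the opening quote, here is a small audit sketch. It is an added example, not code from the quoted articles; the flow format, host names and cookie names are constructed, and it assumes you have exported your app's traffic from an intercepting proxy on a test device.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: traffic an app might generate, as exported from an
# intercepting proxy on a test device. Hosts and cookie names are made up.
SAMPLE_FLOWS = [
    {"url": "https://api.example.test/login", "cookie": "",
     "set_cookie": ["session=abc123; Path=/; HttpOnly"]},
    {"url": "https://api.example.test/timeline", "cookie": "session=abc123",
     "set_cookie": []},
    {"url": "http://api.example.test/avatar.png",
     "cookie": "session=abc123; theme=dark", "set_cookie": []},
    {"url": "https://api.example.test/prefs", "cookie": "session=abc123",
     "set_cookie": ["csrf=zzz; Path=/; Secure"]},
]

def audit_flows(flows):
    """Return (missing_secure, leaked) cookie-name sets for the captured flows."""
    missing_secure = set()  # set over HTTPS without the Secure attribute
    https_cookies = set()   # (host, name) pairs seen on encrypted traffic
    http_cookies = set()    # (host, name) pairs seen on cleartext requests
    for flow in flows:
        parts = urlsplit(flow["url"])
        encrypted = parts.scheme == "https"
        for header in flow["set_cookie"]:
            for name, morsel in SimpleCookie(header).items():
                if encrypted:
                    https_cookies.add((parts.hostname, name))
                    # Without Secure, the client may replay this cookie over HTTP
                    if not morsel["secure"]:
                        missing_secure.add(name)
        for name in SimpleCookie(flow["cookie"]):
            seen = https_cookies if encrypted else http_cookies
            seen.add((parts.hostname, name))
    # A cookie used on HTTPS that also crosses the wire in cleartext is exposed
    leaked = {name for _host, name in https_cookies & http_cookies}
    return missing_secure, leaked

if __name__ == "__main__":
    missing, leaked = audit_flows(SAMPLE_FLOWS)
    print("Set over HTTPS without Secure:", sorted(missing))
    print("Also sent over plain HTTP:", sorted(leaked))
```

Any name in the second set is a cookie the app protects during login and then exposes on later requests; the fix is to set `Secure` on it and move every API call to HTTPS.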
