
Do you really know what’s inside your iOS and Android apps?


It’s time to audit your code, as it appears that some no/low code features used in iOS or Android apps may not be as secure as you thought. That’s the big takeaway from a report explaining that disguised Russian software is being used in apps from the US Army, CDC, the UK Labour party, and other entities.

When Washington becomes Siberia

What’s at issue is that code developed by a company called Pushwoosh has been deployed within thousands of apps from thousands of entities. These include the Centers for Disease Control and Prevention (CDC), which claims it was led to believe Pushwoosh was based in Washington when the developer is, in fact, based in Siberia, Reuters explains. A visit to the Pushwoosh Twitter feed shows the company claiming to be based in Washington, DC.

The company provides code and data processing support that can be used within apps to profile what smartphone app users do online and send personalized notifications. CleverTap, Braze, OneSignal, and Firebase offer similar services. Now, to be fair, Reuters has no evidence the data collected by the company has been abused. But the fact that the firm is based in Russia is problematic, as information is subject to local data law, which could pose a security risk.

It may not, of course, but it’s unlikely any developer involved in handling data that could be viewed as sensitive will want to take that risk.

What’s the background?

While there are lots of reasons to be suspicious of Russia at this time, I’m certain every nation has its own third-party component developers that may or may not put user security first. The challenge is finding out which do, and which don’t.

The reason code such as this from Pushwoosh gets used in applications is simple: it’s about money and development time. Mobile application development can get expensive, so to reduce development costs some apps will use off-the-shelf code from third parties for some tasks. Doing so reduces costs, and, given we’re moving quite swiftly toward no code/low code development environments, we’re going to see more of this kind of modelling-brick approach to app development.

Copyright © 2022 IDG Communications, Inc.