
Mobile Application Threat Modelling

Introduction

The widespread adoption of mobile apps in business settings has brought with it a sharp rise in attacks against them, carried out by a broad range of actors for a variety of motives. Written from a cyber-threat analyst's perspective, this paper gives an overview of a proposed mobile e-commerce app: its architecture, the types of attack that may be mounted against it, and the means by which those attacks can be prevented.

The Architecture of Mobile Applications

An app's architecture is the set of methods and principles used to build a well-organized app that meets the requirements of a particular market and the guidelines set by the app's provider. A mobile app architecture also has to account for procedures and constraints specific to wireless devices such as tablets and smartphones. Dividing the design into layers benefits both the functionality and the security of the final app. The presentation layer houses the UI components and the processes users interact with. The second layer, the business layer, comprises the business entities, workflows, and components. The third layer, the data layer, contains the data-access and utility components and the service agents.

Design of Architecture

The mobile e-commerce application will use a web-service architecture with explicit trust boundaries. A web service is an XML-based data-exchange system that allows programs to communicate with one another directly. Web services have the potential to transform conventional distributed computing by using ubiquitous internet infrastructure for service discovery, service publication, and cross-service transaction processing. The security problems that come with such an open, internet-facing design are addressed by building trust boundaries into the mobile app (Stewart, 2021). A trust boundary in the app's design is a security boundary: a place where controls and procedures are deployed to restrict the flow of information across the established border.

Hardware Components

The mobile app must run on an Android, iOS, or Windows smartphone or tablet. The device must have at least 4 GB of RAM and 2 GB of internal storage (ROM). It must also have Wi-Fi connectivity and be able to use mobile data to support the web-service functions of the app. A front-facing camera and a fingerprint sensor are also required components of the device.

What the application must not do

The mobile app must not be linked to sensitive personal information, or to any other personal information whose exposure in a data breach could create legal problems. Personal information submitted during an online purchase is to be deleted three days after use as a security measure.

Definition of Mobile App Features and Requirements

The e-commerce platform will come with a number of tools for running a business, such as push notifications and social login. A built-in chatbot assists users as they browse the store and select products, within the app itself or on the platform. The app will also support real-time data and provide a role-based dashboard to underpin an efficient customer relationship management system for the company. Its main functions will include a catalog and classification system for goods, and a user interface with customizable elements including search parameters, personalized results, and alerts. The vendor side of the app will include signup, subscription plans, catalog management, and automatic stock adjustment after product sales and orders.

Data Access

To mount a successful attack, an adversary would need access to the app's data at rest. Data kept in cloud storage and in the application database, including user and product records, are examples of data physically held on the platform. Data at rest is encrypted under a master key that is unlocked only after the user has authenticated successfully. Because an attacker who obtains the stored data cannot obtain that key, the encrypted data remains confidential.
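The following Go example (added here; it is not code from the paper or from any of the cited authors) shows one way to realise the "master key unlocked by authentication" scheme described above with envelope encryption: each record is encrypted under a random data-encryption key (DEK), the DEK is stored only wrapped under a key-encryption key (KEK) derived from the user's PIN, and no record can be read or written until the correct PIN has unwrapped the DEK. The PIN-based derivation, the 100,000-round iterated SHA-256 stretch, and the in-memory record map are assumptions made to keep the example self-contained; a production app would obtain the KEK from the platform keystore after biometric or PIN authentication and use a proper password KDF.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// DeriveKEK stretches the PIN into a 32-byte key-encryption key. Iterated SHA-256 (100k rounds, an
// assumption) stands in for PBKDF2/Argon2; a real app gets this key from the platform keystore after auth.
func DeriveKEK(pin string, salt []byte) []byte {
	k := sha256.Sum256(append(append([]byte{}, salt...), pin...))
	for i := 0; i < 100_000; i++ {
		k = sha256.Sum256(k[:])
	}
	return k[:]
}

// aead builds AES-256-GCM; every key here is 32 bytes, so construction cannot fail.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal encrypts under a fresh random nonce and prefixes the nonce to the ciphertext.
func seal(key, plaintext []byte) []byte {
	gcm := aead(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// open reverses seal; the GCM tag check fails on a wrong key or any tampering.
func open(key, sealed []byte) ([]byte, error) {
	gcm := aead(key)
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("truncated ciphertext")
}

// Vault is the at-rest store: records are encrypted under a random data encryption key (DEK);
// the DEK is stored only wrapped under the KEK, so the stored bytes are useless without authentication.
type Vault struct {
	salt, wrappedDEK []byte
	records          map[string][]byte // record id -> ciphertext under the DEK
	dek              []byte            // nil while locked
}

// NewVault returns a locked vault whose fresh DEK is wrapped under the PIN-derived KEK.
func NewVault(pin string) *Vault {
	buf := make([]byte, 48) // 16-byte salt followed by a 32-byte DEK
	if _, err := io.ReadFull(rand.Reader, buf); err != nil {
		panic(err)
	}
	return &Vault{salt: buf[:16], wrappedDEK: seal(DeriveKEK(pin, buf[:16]), buf[16:]), records: map[string][]byte{}}
}

// Unlock re-derives the KEK and unwraps the DEK. With a wrong PIN the KEK is wrong, GCM
// rejects the wrapped DEK, and the vault stays locked.
func (v *Vault) Unlock(pin string) error {
	dek, err := open(DeriveKEK(pin, v.salt), v.wrappedDEK)
	if err != nil {
		return errors.New("authentication failed: master key not released")
	}
	v.dek = dek
	return nil
}

// Lock discards the unwrapped DEK; only the wrapped copy stays in storage.
func (v *Vault) Lock() { v.dek = nil }

// Put encrypts a record under the DEK and Get decrypts one; both fail while locked.
func (v *Vault) Put(id string, plaintext []byte) error {
	if v.dek == nil {
		return errors.New("vault locked: authenticate first")
	}
	v.records[id] = seal(v.dek, plaintext)
	return nil
}

func (v *Vault) Get(id string) ([]byte, error) {
	if v.dek == nil {
		return nil, errors.New("vault locked: authenticate first")
	}
	return open(v.dek, v.records[id])
}

func main() { fmt.Println(NewVault("4821").Unlock("0000")) } // constructed PIN: prints the auth failure
```

The property the paper relies on is visible in Unlock: the wrapped DEK is an AES-GCM ciphertext, so a wrong KEK fails the tag check rather than yielding a garbage key, and an attacker holding the salt, the wrapped DEK and every record still has nothing they can decrypt.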

Mobile Application Security Threats

In only a few decades, the mobile phone's market share and user base have grown enormously. These devices, running operating systems such as Android, give consumers access to a vast number of apps. Although these apps are essential to the usefulness of the devices, they are susceptible to a broad variety of security breaches, which put a user's most critical information and data at risk. Identifying mobile security risks is the first step towards deploying efficient and suitable countermeasures.

The Process of Defining Mobile Application Threats

Application threat modelling helps to understand and communicate mobile app security risks and their mitigations. A threat model can be built at any stage of a mobile app's development, but it is best done early in the development cycle so that it can inform and drive the design.
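As an added example (not part of the original paper), the following Go program carries out the boundary-focused step of that process for the design described earlier: it models the e-commerce app's data-flow diagram with the three trust zones implied by the web-service design (the device, the vendor's web-service tier, and the vendor's database tier) and enumerates STRIDE threats only for flows that cross a trust boundary, which is where the paper says controls are placed. STRIDE as the threat taxonomy, the element names, and the zone assignments are assumptions of the example; the paper does not specify them.

```go
package main

import (
	"fmt"
	"sort"
)

// Element is a node in the data-flow diagram (UI, web service, database);
// each sits in exactly one trust zone.
type Element struct {
	Name, Zone string
}

// Flow is a directed data flow carrying Data from one element to another.
type Flow struct {
	From, To *Element
	Data     string
}

// Threat is one STRIDE entry raised against a boundary-crossing flow.
type Threat struct {
	Flow, Category, Question string
}

// CrossesBoundary reports whether the flow leaves its source's trust zone,
// i.e. passes through a trust boundary where controls are placed.
func (f Flow) CrossesBoundary() bool { return f.From.Zone != f.To.Zone }

// stride holds the six STRIDE categories and the question each asks of a
// flow that crosses a trust boundary.
var stride = []Threat{
	{Category: "Spoofing", Question: "can the receiver verify who sent this?"},
	{Category: "Tampering", Question: "can the data be altered in transit?"},
	{Category: "Repudiation", Question: "is the action logged so the sender cannot deny it?"},
	{Category: "Information disclosure", Question: "can an eavesdropper read the data?"},
	{Category: "Denial of service", Question: "can the receiver be flooded or starved?"},
	{Category: "Elevation of privilege", Question: "does the receiver trust the sender's claimed role?"},
}

// EnumerateThreats applies STRIDE to every flow that crosses a trust
// boundary. Flows that stay inside one zone are skipped: the boundary is
// where controls are deployed, so that is where threats are recorded.
func EnumerateThreats(flows []Flow) []Threat {
	var out []Threat
	for _, f := range flows {
		if !f.CrossesBoundary() {
			continue
		}
		label := fmt.Sprintf("%s -> %s [%s]", f.From.Name, f.To.Name, f.Data)
		for _, s := range stride {
			out = append(out, Threat{Flow: label, Category: s.Category, Question: s.Question})
		}
	}
	return out
}

// ECommerceModel is a constructed model of the app described in the text:
// the handset, the vendor's web-service tier and its database tier form
// three trust zones. Element names and zones are assumptions for the example.
func ECommerceModel() []Flow {
	ui := &Element{"Mobile app UI", "device"}
	cache := &Element{"Local catalog cache", "device"}
	svc := &Element{"Web service", "vendor-dmz"}
	db := &Element{"Application database", "vendor-internal"}
	return []Flow{
		{ui, svc, "login credentials"},
		{svc, ui, "push alert"},
		{svc, db, "order record"},
		{ui, cache, "catalog page"}, // same zone: no boundary, so not enumerated
	}
}

func main() {
	threats := EnumerateThreats(ECommerceModel())
	sort.SliceStable(threats, func(i, j int) bool { return threats[i].Flow < threats[j].Flow })
	for _, t := range threats {
		fmt.Printf("%-52s %-24s %s\n", t.Flow, t.Category, t.Question)
	}
}
```

Running it prints eighteen rows (three boundary-crossing flows times six categories); each row is a question the design has to answer with a control at that boundary, such as TLS with certificate validation for the credential flow or a server-side role check before the order record reaches the database. The in-zone cache flow produces nothing, which is the point of drawing the boundaries first.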

Attack Techniques

Unlike older cellular phones, which often offered only telephony, modern smartphones are designed for multimedia communication and carry applications for both business and leisure (He, Chan, & Guizani, 2015). This has brought a huge increase in the performance of mobile devices and in the pace at which they are updated. The personal information routinely kept on them is one of the factors that make smartphones attractive targets for cyberattack. According to He et al. (2015), such data can be sensitive and exposed to attack, since most users keep their financial information on their phones and use them for transactions such as purchasing and banking. The following are common tactics attackers use to steal private information from their targets. Attackers can evade app-market source-code review and launch phishing attacks by publishing applications that act as browser windows onto the attacker's phishing site (Weichbroth & Łysik, 2020). Nagarjun and Shaik (2018) describe phishing as platform-independent: attackers use URLs of malicious websites masquerading as genuine ones to obtain personal data, including credentials, even though most phishing attacks are still conducted against personal computers.
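One app-side control against the phishing technique just described is to refuse to load any link in the app's embedded browser unless it points, unambiguously, at the vendor's own hosts. The following Go check is an added example, not code from the paper or from any of the cited authors; the allowlisted hostnames and the sample links are constructed for illustration. It rejects the usual masquerading tricks: a non-https scheme, userinfo placed before the real host, look-alike subdomains of an attacker's domain, punycode labels, non-standard ports, and case or trailing-dot variants that would otherwise slip past an exact string comparison.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedHosts is the vendor's own hostnames; the names are assumed for this example.
var allowedHosts = map[string]bool{
	"shop.example.com": true,
	"api.example.com":  true,
}

// CheckLink decides whether the app's embedded browser may load raw. It returns
// false with a reason for anything that is not an https URL whose host, after
// normalisation, is on the allowlist. Each check closes one masquerading trick.
func CheckLink(raw string) (bool, string) {
	u, err := url.Parse(raw)
	if err != nil {
		return false, "unparseable URL"
	}
	// url.Parse lowercases the scheme, so a plain comparison is enough.
	if u.Scheme != "https" {
		return false, "scheme is not https"
	}
	// "https://shop.example.com@evil.example/" puts the real host after the '@'.
	if u.User != nil {
		return false, "userinfo before host"
	}
	// Hostname() drops the port and IPv6 brackets; a trailing dot and letter case
	// are DNS-equivalent and must not be allowed to bypass the allowlist.
	host := strings.ToLower(strings.TrimSuffix(u.Hostname(), "."))
	// Punycode labels can render as look-alike characters in the address bar.
	for _, label := range strings.Split(host, ".") {
		if strings.HasPrefix(label, "xn--") {
			return false, "internationalised (punycode) label: " + label
		}
	}
	if p := u.Port(); p != "" && p != "443" {
		return false, "non-standard port " + p
	}
	// Exact match only: "shop.example.com.evil.example" is a different host.
	if !allowedHosts[host] {
		return false, "host not on allowlist: " + host
	}
	return true, "ok"
}

func main() {
	// Constructed sample links; each line exercises one trick from the text.
	for _, raw := range []string{
		"https://shop.example.com/cart",
		"https://SHOP.Example.COM./cart",
		"http://shop.example.com/login",
		"https://shop.example.com@evil.example/login",
		"https://shop.example.com.evil.example/login",
		"https://xn--shp-ioa.example.com/login",
		"https://shop.example.com:8443/login",
	} {
		ok, why := CheckLink(raw)
		fmt.Printf("%-48s %-5v %s\n", raw, ok, why)
	}
}
```

The check is deliberately an allowlist rather than a blocklist of known phishing domains: a new attacker domain needs no update to be rejected, and the only way past it is to control one of the vendor's own hostnames.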

Control

Users can limit the scope of this attack vector by avoiding public or unsecured Wi-Fi networks, by heeding browser warnings, and by completing confidential transactions only when connected to a secure network (Weichbroth & Łysik, 2020). Following these guidelines reduces the likelihood of data loss and eavesdropping. Users should also keep the smartphone's operating system and installed software current by installing security updates; control measures should include regular updates to the platform, the Android (or other) operating system, and all installed applications. Finally, data encryption transforms readable data into a form that unauthorized parties cannot read; the user must, however, remember the password in order to recover the data.

Conclusion

If a phone is lost or stolen, enabling remote data wipe lets the owner delete all of its data remotely. Remote wipe is especially important for businesses, where it is needed when an employee leaves or when a smartphone is infected with malware that cannot be removed (Weichbroth & Łysik, 2020). Workers should also be trained to recognize social engineering tricks such as phishing, spear phishing, and baiting.

References

He, D., Chan, S., & Guizani, M. (2015). Mobile application security: malware threats and defenses. IEEE Wireless Communications, 22(1), 138-144.

Stewart, J. M. (2021). CISSP: Certified Information Systems Security Professional Study Guide (4th ed.). O'Reilly Online Learning. https://www.oreilly.com/library/view/cissp-certifiedinformation/9780470276884/9780470276884_security_boundaries.html

Weichbroth, P., & Łysik, Ł. (2020). Mobile Security: Threats and Best Practices. Mobile Information Systems, 2020.
