
Using Certificates to Secure the Rising Tide of Mobile Apps

February 9, 2016 | Hari Nair

Those who have been in the IT industry for 20 years or more will have witnessed enough changes to fill the sea twice over. Each change is necessary, but some are more interesting than others. For example, the rise of mobile applications is undoubtedly one of the biggest waves of change to hit the world of business.

Who’s responsible for mobile app security?

With consumer mobile applications such as video games and social media, it is easy to spot security vulnerabilities if you are someone with a background in the field. However, mobile app developers do not naturally possess a deep knowledge of security, which can ultimately leave their applications open to risk that hasn’t even occurred to them.

Personally, I've been involved with Public Key Infrastructure (PKI) since the start of my career, when I helped develop applications for the U.S. government. As such, security has always been my first consideration. And one of the first points I sought to clarify at the dawn of mobile applications was to find out who was responsible for distributing and managing mobile security certificates. (See this Venafi blog post for a detailed look at some of these questions: Forrester Research Uncovers Gaps in Mobile Certificate Security.)

Security issues with mobile apps are on the rise

Awareness of the mobile-app-security issue has gone mainstream in the wake of recent certificate-related incidents that have captured consumers' attention. Legions of coffee drinkers deleted the Starbucks mobile app in response to hacks that parlayed Starbucks's weak security into direct access to customers' bank and credit card accounts. Similarly, the OnStar RemoteLink app's weak certificate checks enabled hackers to track, unlock, and even start GM cars remotely, which made GM drivers think hard about using the vehicle manufacturer’s mobile app. GM fixed the issue, but many of its rivals seemed to have ignored it; recently, a hacker exploited the very same certificate weakness in iOS applications for BMW, Mercedes, and Chrysler.

Problems like these show just how crucial digital keys and certificates are; indeed, they are the foundation of security for all connected devices. Yet with even the most conservative organizations developing business applications for mobile devices, keeping track of them has become difficult. As I write this, businesses continue to expose information that was previously restricted to their own networks.

To further muddy the mobile-security waters, the Bring Your Own Device (BYOD) revolution has meant that employees are accessing business information using devices that are outside of organizational control. All this has made verifying digital certificates much more difficult. Yet until these conditions change, cybercriminals will be able to misuse digital certificates and take advantage of company or employee data residing on mobile devices, simply because it's easy to do.

Digital certificates must be secured to keep your mobile apps safe

To prevent this misuse by cybercriminals, mobile app developers must be able to secure and protect their cryptographic keys and digital certificates. Venafi has security tools available today that allow developers to discover and control certificates on mobile devices.

Just as the human immune system patrols the body to identify pathogens and anomalies, Venafi, the Immune System for the Internet®, patrols mobile devices on your network to identify certificate anomalies and risks, and to rapidly revoke problem certificates. Venafi also integrates with most mobile device management (MDM) solutions to help enforce business-established policies, which can keep you afloat on a sea of regulations and security requirements.

How does your enterprise use certificates to secure its mobile apps? What do you see as the biggest security challenges to enterprise apps and mobile device usage?


About the author

Hari Nair

Hari Nair writes for Venafi's blog and is an expert in machine identity protection.
