Can Phone security compromised via an App?

Zipppy

When developing an App are there security considerations you need to take to ensure that a hacker (or other) can use your APP to breach the security on a phone that has downloaded it and perhaps get access to confidential data on the phone?

The Corinthian

Yes, principally in the transmission of that data to and from a server. This is why automatically connecting to open WiFi can be dangerous, as many apps do transmit sensitive data back to a home server and if not secured it can be sniffed out and harvested.

As to a trojan on the phone accessing sensitive data, including from your app, that is a less common, but not unimportant issue. To begin with, it will be able to access phone data anyway - just as your app can. As to data from your app, both the iPhone and Android do place limits to how apps can read the persistent data of other apps, but there are ways around this - particularly if the phone is rooted/jail-broken.

In short in both cases; encrypt, encrypt, encrypt.

skateboardP

This is a possibility on the android system as there is little to no validation of their apps, apple however goes through every app submission thoroughly and rejects any potential viruses/trojans etc

The Corinthian

skateboardP wrote: »

This is a possibility on the android system as there is little to no validation of their apps, apple however goes through every app submission thoroughly and rejects any potential viruses/trojans etc

Irrelevant and incorrect.

The OP is asking about security considerations with regards to his/her own apps. A trojan will have access to phone data, but that has nothing to do with your own app security.

The only case where a trojan is of concern to you, and your app, is if it can access your app's local data, which it cannot on either iOS or Android smartphones unless they are jailbroken/rooted.

And as trojans exist for both systems also, despite Apple's more stringent submission process, one should apply the same security precautions regardless.

skateboardP

Well in terms of app security, more precautions need to be taken on android development as the iOS system is more secure

The Corinthian

skateboardP wrote: »

Well in terms of app security, more precautions need to be taken on android development as the iOS system is more secure

Really. What do you have to back that up?

I ask, because so far all you've presented is that Apple has a more stringent submission process, which has absolutely nothing to do with iOS. Neither does it have anything to do with the security of your own app, which oddly enough is the topic of this thread.

skateboardP

The Corinthian wrote: »

skateboardP wrote: »

Well in terms of app security, more precautions need to be taken on android development as the iOS system is more secure

Really. What do you have to back that up?

I ask, because so far all you've presented is that Apple has a more stringent submission process, which has absolutely nothing to do with iOS. Neither does it have anything to do with the security of your own app, which oddly enough is the topic of this thread.

My own experience plus hundreds of articles on the web by experts in the area

The Corinthian

skateboardP wrote: »

My own experience plus hundreds of articles on the web by experts in the area

In other words you don't know what you're taking about. If you care to read, for example, this article it concludes that "after reviewing the security features of the Android and the iOS, we can conclude that there is no clear advantage of the one over the other."

Ultimately iOS has one advantage, which has absolutely nothing to do with iOS itself - the submission process - and in reality both have pluses and minuses where it comes to the security of the operating system.

Writing an app of iOS and thinking about writing one for Android does not make you terribly experienced, btw. Especially when you don't appear to understand what the OP's question was to begin with.