Basic Safety Issues for Mobile Devices with iOS Apps

By Rajiv Ramnath

Mobile devices with iOS apps experience greater safety risks than desktop computers due in part to their mobility and in part to their size. Surprisingly, it is not their lack of computing power that leaves them at greater risk of an attack. Here are some other reasons mobile devices are more vulnerable than desktop computers:

  • Small physical form factor: Because of their size, mobile devices are easy to misplace or steal. Someone with dishonest intentions can easily disassemble them and access their internal components that contain private information (for example, memory cards).

  • No user login required by default: A mobile device typically isn’t set to require a login or other type of authentication in order to use it. A person who steals a user’s device has immediate access to all the information on it and to other systems the user has used the device to connect to, such as banks.

  • Weak password protection: If a login is required on a device, the password itself can be a security threat. Using keyboards on mobile devices is difficult. Users find that it’s not easy to type all the characters needed for long, strong passwords. For this reason, users tend to use shorter, simpler passwords, which makes the device easier to break into.

    Building complex layers of security into mobile devices and applications is also difficult because mobile users are especially sensitive to user experiences on the devices. Mobile users have been known to reject devices that don’t have user-friendly interfaces; worse, users might be inclined to circumvent security features and thereby leave themselves completely vulnerable.

  • Limited screen size that impedes readability: Because of the small screen sizes of mobile devices, URLs that a device might access often aren’t completely visible. If a dangerous URL is a small variation of a safe URL (as commonly happens in phishing attacks), the user may not notice the variation, thereby providing private information to the malicious site.

  • Environmental distractions: Because users often use mobile devices in crowded spaces, such as buses, or while engaged in other activities, such as walking or driving (a bad idea), they become distracted and give less than optimum attention to security warnings.

    For example, some financial portals show users images to verify that they’re on legitimate websites. Someone using a desktop is likely to notice that this image is missing after being directed to a site that’s spoofing the legitimate site. A user on a mobile device may be distracted and not notice the missing image while simultaneously navigating a mall or attempting to maintain her balance on a speeding train.
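The limited-screen-size item above depends on the user spotting a small variation in a URL, which is a check software can do more reliably than a distracted reader. The following is an added example, not code from the original article: it flags hosts that are within a few character edits of a trusted host. The allowlist, the `example-bank.com` names, and the function names are assumptions made up for illustration.

```javascript
// Constructed allowlist; example-bank.com is a placeholder domain.
const TRUSTED_HOSTS = ["www.example-bank.com", "login.example-bank.com"];

// Levenshtein edit distance (insert, delete, substitute each cost 1).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a URL by its host before it is shown or opened:
//   "trusted"   - host exactly matches an allowlist entry
//   "lookalike" - host is within maxDistance edits of a trusted host
//   "unknown"   - anything else, including input that does not parse
// Only the host is compared; scheme and path are not evaluated here.
function classifyUrl(input, maxDistance = 2) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return { verdict: "unknown", nearest: null };
  }
  const host = url.hostname.toLowerCase();
  if (TRUSTED_HOSTS.includes(host)) {
    return { verdict: "trusted", nearest: host };
  }
  for (const trusted of TRUSTED_HOSTS) {
    if (editDistance(host, trusted) <= maxDistance) {
      return { verdict: "lookalike", nearest: trusted };
    }
  }
  return { verdict: "unknown", nearest: null };
}

// Constructed sample inputs: the second differs from a trusted host by one character.
for (const u of ["https://www.example-bank.com/login",
                 "https://www.examp1e-bank.com/login"]) {
  console.log(u, "->", classifyUrl(u).verdict);
}
```

A "lookalike" verdict is the case worth interrupting the user for, since it is the one the small screen makes hardest to see.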