Mobile Privacy Equals Data Loss Prevention blog-01

Mobile Privacy Equals Data Loss Prevention

Mobile Data Loss Prevention can take many forms and is a threat to mobile privacy and security. Someone might steal your mobile device along with its mobile data. Malware could be responsible for mobile data loss. Or that strange character looking over your shoulder at the airport and sneaking a peak at your screen could be responsible for mobile data loss. Those strange characters are usually carrying a blue neck pillow by the way.

Data Loss Prevention (DLP) Is Important

I know I’ve blogged a lot about malware, encryption, and other types of security controls and mobile attacks, but the person looking over your shoulder is real threat. But don’t worry, you can develop mobile apps that help deter that threat and if you are developing apps with financial, payment or private data, you’re likely already thinking about this.

It’s easy to get caught up in the “Mr. Robot” attacks hackers use to get to your mobile users. But, don’t forget about basics. The Ponemon Institute conducted a study on shoulder surfing, that Sean Michael Kerner wrote about for eWeek. Fortunately, there are a few simple where mobile app privacy prevents data loss.

Mobile Privacy That’s Quick and Easy

Privacy and security are closely linked on mobile devices and both need to be considered when creating apps. Developers often defer, delay or ditch adding mobile privacy features. The AppFusion platform offers several mobile privacy features that mobile developers can choose to add to apps during the fusion selection process.  The following features are all part of Mobile Privacy in the Appdome Mobile Security Suite.

Mobile Privacy on Appdome
Mobile Privacy on Appdome

App-Only Photos (iOS Only Feature)

App-Only Photos protects any mobile app photos taken by the application. When this features is turned on, the app will save the photo to the application’s private files, and not the camera roll on this device. As a result, photos saved here receive the same level of protection as other data stored in the same protected location.

This also ensures that app photos are protected privately and inaccessible to other applications. When used together with TOTALData Encryption, these photos and sensitive data will be encrypted at runtime using industry-standard AES 256 cryptographic protocols.

Keylogging Prevention

Wikipedia defines Keylogging as is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program

There are 2 possible ways keylogging can happen:

  1. The device has been jailbroken or rooted and some malicious party has control over the entire operating system. This can be prevented using Appdome’s Jailbreak and Root Prevention.
  2. The user has been lured into installing a 3rd party keyboard. This keyboard comes pre-loaded with keylogging functionality. This can be prevented using Keylogging Prevention in Appdome Mobile Privacy.

Copy Paste Prevention

Many organizations are concerned with users copying sensitive data out of an app and pasting it into another app such as email or a browser via the device clipboard. When the copy and paste prevention feature is selected on Appdome, everything copied and moved into the clipboard from your app is encrypted. You can still copy data inside the same app or to another Appdome-build app, but if this feature is turned on, you can’t copy data outside the protected app.

Prevent App Screen Sharing

Prevent Application Screen Sharing stops data loss via screen capture software. Users will often take a screen shot of what is displaying on an app for later reference. Unfortunately, this can put sensitive data at risk especially if photos are automatically backed up. As such, many organizations prefer that this capability be disabled for their apps. This feature will also prevent a user from sharing their screen in a webmeeting (such as Zoom or Webex) or with screen mirroring software (such as Reflector). And then there is Malware like SquirtDanger, which can take live-action screen shots of an infected device, steal passwords, and send, receive, or delete files on the target system. If you build your app and select prevent app screen sharing, you ensure data loss prevention and improve overall mobile privacy.

Blur Application Screen

Screen dimming and blurring helps protect from shoulder surfing. When a user switches screens between apps the mobile device will present the screen in a thumbnail. If not obfuscated in some way, that thumbnail could display sensitive information to the viewer. Through Appdome, you can create a blurred or dimmed thumbnail for your app screen that will then be used when switching between apps. The screen will be automatically blurred or dimmed when the device takes a screen capture as part of app switching or home screen usage process.

Thanks for reading! This blog is part of a series focused on highlighting Mobile Security Solutions from Appdome.

Jan Sysmans

Jan is passionate about protecting mobile banking customers from threats, malware and fraud. In addition to blogging this story, he is the solution specialist for secure mobile banking.

Have a Security Project?

We Can Help!

TomWe're here to help
We'll get back to you in 24 hours to schedule your demo.

Quick Links for This Blog

Want to learn more?

Stay up to date with the DevSecOps Evolution.

Subscribe to our Mobile DevSec Blogs

More To Explore

Build What You Love Automate What You Don’t

Drop us a line and keep in touch

Search Appdome Solutions

Search
Blog Post 4 Reasons Existing Waf Anti Bot Solutions Fail To Protect Mobile

4 Reasons Existing WAF Anti-Bot Solutions Fail To Protect Mobile

Traditional anti-bot solutions, like Web Application Firewalls (WAFs), struggle to protect against most mobile-based attack vectors, resulting in significant blind spots in organizations’ API defenses, highlighting the need for advanced mobile-specific bot defense solutions.