Uber Data Breach: How to prevent your app from incidents like these

Last Updated: Feb 27, 2020

Published On: November 28, 2017

Table of Content

1. Protect your App from the Scratch
2. Secure the Network connection from the Backend
3. Have Authentication, Identification, and Authorization Process in Place
4. Do a comprehensive set of tests
5. Planned API Security Strategy
6. Test the App

copied!

In 2016, Uber lost 57 Million users and drivers information to hackers, whom they then paid $1,00,000 to delete the data.

The incident came into the picture a few days back when their CEO Dara Khosrowshahi made a post throwing a light on the data breach. And since then, the case of app security has come into the focus.

Uber’s not the first case of data breach, there are a number of times when the users’ personal data has been compromised: an event that has made people wary of using mobile apps that ask for their information.

Here’s a visual to show the stance of mobile app users in light of App Security Concerns –

prevent your app from incidents info-graphics

See how gruesome it is?

But, you can prevent your app from becoming the next case study cautioning brands to get their app security game on point.

Here’s how –

1. Protect your App from the Scratch

A number of vulnerabilities exist in the app’s source code, but the majority of the app companies focus just on the network part while focusing on implementing mobile app security best practices. There are so many places that can be the groundwork of data breaches – coding error, code testing, etc.

Here are the things that you can do to safeguard your app from the day of its existence –

Protect the code of your app with encryption. There are two ways to do it – minification and obfuscation, but they are not enough. It is advised that you stick with well supported algos that are combined with the API encryption.
Run source code scanning on your codes, frequently

The sign of a secure code is that it remains secures even after being ported between operating systems and devices. Creating an agile code helps on this front, immensely.

2. Secure the Network connection from the Backend

long

The cloud servers that are being accessed by your app’s API needs to have proper security measures to prevent unauthorized access and protect users’ data. The API verification should be so in place that zero sensitive information passes from the client to app database or server.

To make this step a success, it’s imperative that your backend development process is robust.

Here’s how to secure the network connection

Create encrypted containers for storing documents and data
Conduct a series of vulnerability assessments and penetration testing of your network to make sure that the data is protected.
Encrypt database and connections with SSL, VPN, and TLS for added security
Apply Federation – the measure, which spread resources across servers so that they are all not in one place, while separating the key resources from the users.

3. Have Authentication, Identification, and Authorization Process in Place

Here’s how to make your app identified, authenticated, and authorized

Ensure that the APIs which your app uses are just the ones that are needed to function and only give access to the parts that are in focus, instead of all the app functionalities.
There are a number of tools and protocols that you can make use of and be sure to follow when your app is in its development stage. Here they are –
- JSON Web Token – The lightweight tool is used for encrypting data exchange, its no fuss implementation makes it ideal for mobile apps.
- OpenID Connect – It’s a protocol that allows the users to reuse their credentials across different domains with the help of an ID token, to save their time in registering and signing up with the same information every time.
- OAuth2 – The protocol is used to manage secure connection through one time user specific token. Upon installing the framework in the authorization server it will let you grant your users permission between the end users and client by collecting credentials such as 2 factor SMS questions.

4. Do a comprehensive set of tests

Unlike a web app, majority of mobile app data is saved locally, and with the data being on a device whose bandwidth, performance, and quality varies, the risk of it getting hacked is much greater.
Along with the instability factor in devices, there are also some apps that tend to release data without users knowing it, like their gender, age, device usage, etc.

Ways you can ensure the customer data is secure on the app –

With the help of file level encryption, you can protect the data on file-by-file basis. It’s one of the ways to encrypt the at-rest data so that it’s not read when intercepted.
Tools like Appcelator platform ensures that mobile data which are stored locally are safe.

Key management should be your priority. The basis of a strong algorithm is its equally stronger certificate and keys.

5. Planned API Security Strategy

As mobile development is tightly knit with APIs, a major part of making an app is secure is dependent on making its API secure. APIs transmit data between the applications, cloud, and among a number of users. All the involved parties need to be identified and authorized in order to see and use the data. APIs are the foundation stone of functionality, content, and data, so ensuring that it is secured can take you long way.

api

There are three stages in API that you will need to take care of, namely – Identification, Authentication, and Authorization.

Let’s look at the elements of all the three below –

Identification

The first part of process, identification hacks can be prevented through implementing API keys. These keys are random, unique identifiers which eliminate the need of passwords.
While you can safeguard when the data is seen using the API keys, you cannot decide that it is seen by someone who was supposed to see it.

Authentication

It is the process that guarantees that the information is seen by someone who was meant to view it. At this stage, you set usernames and passwords to ensure that the system gets an extra level of security.

Authorization

This step answers the question – What can one do with the API. The steps to secure this process includes 2 factor authorization, tokens, and one time passwords.

6. Test the App

Irrespective of whether your app is hybrid, native, or web app, it should be tested for not just from the usability and functionality aspect but also from Security. There are a number of steps you have to follow to ensure that your app is quality assured to ensure it’s secure.

Here are the ways you can ensure your app is tested for security –

Penetration Testing – It means probing the network and system for finding weaknesses.
Use emulators to test how the app performs in a simulated environment.
Test the authorization and authentication, session management, and data security issues in detail.

So these were the 6 ways that you could employ in your app development process to ensure that yours is not the one in limelight.

Ensure that you incorporate well in time, while you have time.

Shrikant Srivastava

Let's Build Digital Excellence Together

Captcha:

5 + 2 =

Exploring How App Security Can Benefit Your Business?

Explore App Security Services

Most trusted Mobile App Consulting Company on Clutch

INDIA

B-25, Sector 58,
Noida- 201301,
Delhi - NCR, India

USA

79, Madison Ave
Manhattan, NY 10001,
USA

Australia

Appinventiv Australia,
East Brisbane
QLD 4169, Australia

3rd Floor, 86-90
Paul Street EC2A 4NE
London, UK

UAE

Tiger Al Yarmook Building,
13th floor B-block
Al Nahda St - Sharjah

CANADA

Suite 3810, Bankers Hall West,
888 - 3rd Street Sw
Calgary Alberta

Leaving already?

Hear from our clients and why 3000+ businesses trust Appinventiv

Simon Wing

Co-Founder & CEO, Edfundo

We chose Appinventiv to build our financial literacy and money management app from start to finish. From the first call, we were very impressed with Appinventiv’s professionalism, expertise, and commitment to delivering top-notch results.

César M Melgoza

Founder & CEO
Epluribus LLC - Creators of MOXY

It has been a pleasure working with Appinventiv. The team is not only extremely versatile and competent but also very professional, courteous, and responsive. We certainly plan to continue working with Appinventiv for an indefinite period.

Bela Gupta D’Souza

Founder, Edamama

We took a big leap of faith with Appinventiv who helped us translate our vision into reality with the perfectly comprehensive Edamama eCommerce solution. We are counting to get Edamama to launch on time and within budget, while rolling out the next phase of the platform with Appinventiv.

Rohit Jesudian

CEO/Founder, KODA

I just want to take a moment to thank the entire Appinventiv team for your incredible support. We truly appreciate everything you've done, and we're excited to continue working together as we grow here at KODA

Steve Gertsch

Project Manager, Auto Auction

After researching numerous companies, we finally found Appinventiv, and it was the best decision we could have made. They successfully addressed the challenges with our existing app and provided solutions that exceeded our expectations.

Neeraj Tiwari

Director - Digital Engineering
Americana Group (Kuwait Food Co.)

We approached Appinventiv with a clear vision to build a robust and future-ready platform that could seamlessly integrate with the busy lifestyle of our customers while uplifting their overall experience and giving us a competitive edge.

Tell us what you need, and we’ll get back with a cost and timeline estimate

Full name

E-Mail ID

Describe Your Project/Idea In Brief (Helps Us Come Back Better Prepared)

Contact Number

3 + 2 =

1600+ transformation engineers delivered

3000+ game-changing products.

App Development
Company Of The Year

Technology Fast 50
2023-24

India's Growth
Champions in IT