Presentation: Data Protection Conference, Asian Legal Business (ALB) 2014, Kuala Lumpur
DESCRIPTION
Panelist for The “Applification” of society – the dominance of mobile and tablet applications: implications for data protection. Covers mobile apps.
TRANSCRIPT
Norshidah Mohamed, PhD
International Business School
Universiti Teknologi Malaysia
http://www.ibs.utm.my
Kuala Lumpur, 17 June 2014
OUTLINE
• Data protection issues in mobile apps – what have developers overlooked?
• Consumer’s/user’s privacy experience – protect or expose?
• Privacy Impact Assessment
• Guidance for consumer/user and business
WHAT HAVE DEVELOPERS OVERLOOKED?
Indicators of some critical vulnerabilities in banking apps:
• 90% of apps are exposed to traffic interception (several links are fetched over plain HTTP rather than SSL)
• 50% of apps are vulnerable to JavaScript injection
• 40% of apps did not validate the authenticity of SSL certificates (so a forged certificate presented by a man-in-the-middle is accepted)
Source: http://www.darkreading.com/vulnerabilities---threats/weak-security-in-most-mobile-banking-apps/d/d-id/1141054?
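The first and third indicators above, as an added example that is not part of the presentation or of any of the surveyed apps: a small Python audit using only the standard library. The endpoint list is constructed and the example-bank.test hosts are hypothetical. The trust-all context mirrors the “accept any certificate” pattern behind the third indicator (the Python equivalent of an Android TrustManager whose checkServerTrusted() does nothing); the hardened context is what a banking app should have shipped with, and tls_findings() reports which of the checks a given client configuration is missing.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample of the endpoints an app might embed; the
# example-bank.test hosts are hypothetical.
SAMPLE_ENDPOINTS = [
    "https://api.example-bank.test/v1/login",
    "http://cdn.example-bank.test/terms.html",   # plain HTTP: interceptable
    "http://api.example-bank.test/v1/balance",   # plain HTTP and sensitive
    "https://static.example-bank.test/js/app.js",
]


def plaintext_links(urls):
    """Indicator 1: return the URLs that will travel without SSL/TLS."""
    return [u for u in urls if urlsplit(u).scheme.lower() == "http"]


def trust_all_context():
    """Indicator 3, the 'before' form: a client that accepts any certificate.

    Equivalent to an Android TrustManager whose checkServerTrusted() body
    is empty. Deliberately insecure; shown only to be audited below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # certificate chain is never checked
    return ctx


def hardened_context():
    """Indicator 3, the corrected form: verify the chain and the hostname."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_findings(ctx):
    """Explain why a client SSLContext would accept an interposed certificate."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain not verified (CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions allowed")
    return findings


if __name__ == "__main__":
    print("plaintext endpoints:", plaintext_links(SAMPLE_ENDPOINTS))
    print("trust-all context:", tls_findings(trust_all_context()))
    print("hardened context:", tls_findings(hardened_context()))
```

The order of the two assignments in trust_all_context() matters: Python refuses to set CERT_NONE while check_hostname is still True, which is exactly the guard rail a trust-all TrustManager on Android lacks. Run against the sample list, plaintext_links() flags the two http:// endpoints, tls_findings() reports the missing chain and hostname checks for the trust-all context, and reports nothing for the hardened one.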
USER’S PRIVACY – PROTECT OR EXPOSE?
• Competitive ecosystem – Apple iTunes (App Store) & Android-based platforms
• Most developers are not trained to develop secure apps
• Using cloud-based apps is a trade-off: the user hands over some privacy in exchange for the app
• Research has shown that users are unaware of the implications of the permissions they grant when downloading an app
USER’S PRIVACY – PROTECT OR EXPOSE? (cont.)
• Location, contacts, calendar, reminders, photos – these are just some examples of the data that downloaded apps access!
• Apps could have been created by fraudsters and loaded with malware
• Unsecured WiFi is a toll-free highway for fraudsters to gain access to mobile devices, seize control or gain access to account information.
PRIVACY IMPACT ASSESSMENT?
What’s being done? De facto standards that define:
• development and test of secure mobile apps?
• app store security practice?
• corrective actions on security breach?
• cloud-based management that includes provisioning, policy and data management of mobile devices
PRIVACY IMPACT ASSESSMENT? (cont.)
• authentication to several cloud-based providers
• ISO?
• IT governance framework?
• Mobile App Security Working Group
SELECTED RECENT CASES & GUIDANCE?