Many people today prefer their mobile phones over their PC’s because of the instant access to everything. Those with smartphones use apps to play games, read books, access information and latest news or get directions. Mobile apps are easy to download but your private information may be accessed particularly if the app does not have a SSL certificate.
Once you buy a mobile phone or tablet, you are committed to using the operating system and mobile apps that go with it. Android and iPhones have their own online app stores where you can search for, download and install apps. Most apps are free but contain advertisements. There are also paid versions with more advanced features.
There are mobile apps that need personal data to function. Others require data that is not related to the purpose of the app. Keep in mind that there might be someone out there who is collecting data on the websites that you visit, apps that you download and information that you share online. Data collected might be shared with other companies for a price.
If your mobile gadget is using Android OS, there is an opportunity to read permissions before installing an app. Ask yourself whether the permission makes sense. For example, there are apps that require permission to your location before you are provided with a map or information about a nearby store. If you do not want to share your location, turn off your location services in the phone’s settings but you won’t get the information required from the app.
Most app developers use the SSL certificate for encrypted communication between the user and server. Mobile apps that do not implement the SSL certificate are more likely to become the target of MITM attacks, There are many security flaws to commonly downloaded apps which exposes data to potential theft.
Aside from installing SSL certificate on the website or mobile app, it is important to have SSL certificate monitoring through TrackSSL.com to be notified when there are changes or if the certificate is about to expire. The SSL certificate reminder tool can be integrated with Slack so that notifications will go straight to the #devops channel.