In November 2014, attackers carried out one of the biggest cybercrimes of the decade. They broke into Sony Pictures' network, stole sensitive data, crippled the company's operations, and gradually leaked embarrassing material to the media. They threatened to continue until Sony agreed to pull the controversial comedy The Interview from its theatrical release.
As the headlines will tell you, protecting sensitive data is one of the most important investments a company can make. Facebook is under scrutiny for its data-protection practices. The UK National Crime Agency called WannaCry a signal moment for awareness of cyberattacks and their real-world impact. With the stakes higher than ever, encrypting sensitive data in apps has never mattered more.
Here are our top tips on how to safely encrypt sensitive data in your mobile app.
Tip #1: Coding and Testing
Writing secure code is fundamental to creating a secure app. Obfuscating and minifying code raises the cost of reverse engineering, but it does not prevent it: anyone with the binary can eventually recover its logic, so any secret compiled into the app (an API key, an encryption key) should be assumed recoverable and must not be relied on. Testing and fixing bugs as they are exposed should be an ongoing investment of resources; it pays off in the long run.
Tip #2: Scramble Data
Sometimes the best way to protect data is not to store it in a readable form at all. Software and web developers often become obsessed with storing every bit of data in databases and logs, assuming it may be useful later, but doing so creates a target for cybercriminals.
Careful developers store only a scrambled version of the data, typically a one-way hash or a keyed pseudonym, that is unreadable to an outsider who obtains the database but still lets the application run equality lookups. Note that an unkeyed hash of a low-entropy value (a phone number, a date of birth) is not enough: an attacker can hash every possible value and match the results, so the hash should be keyed with a secret that is held server-side, not in the app.
For an in-depth dive into scrambling data, check out this essay on how Amazon does it.
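As an added example (not code from the original post or from Amazon), the following Go program, using only the standard library, contrasts the two forms of "scrambling" described above: an unkeyed SHA-256 that an attacker can invert by enumeration, and an HMAC-SHA256 pseudonym under a server-side key that still supports equality lookups. The key, phone numbers and candidate list are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// PlainHash is the naive "scramble": an unkeyed SHA-256 of the value.
// It is deterministic, so equality queries work, but anyone holding the
// database can recover low-entropy inputs by hashing every candidate.
func PlainHash(value string) string {
	sum := sha256.Sum256([]byte(value))
	return hex.EncodeToString(sum[:])
}

// Pseudonymize is the keyed alternative: HMAC-SHA256 under a secret that
// lives server-side (in a KMS or hardware-backed keystore in production,
// never in the app binary). Without the key, the enumeration attack below
// cannot be run against a leaked table.
func Pseudonymize(key []byte, value string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))
}

// Matches compares a stored pseudonym against a freshly computed one in
// constant time, so a lookup does not leak through timing differences.
func Matches(key []byte, value, storedPseudonym string) bool {
	return hmac.Equal([]byte(Pseudonymize(key, value)), []byte(storedPseudonym))
}

// RecoverByEnumeration models the attack on the unkeyed hash: hash every
// candidate and stop at the first match. A 7-digit local number has only
// 10^7 candidates; the constructed list here keeps the example fast.
func RecoverByEnumeration(target string, candidates []string) (string, bool) {
	for _, c := range candidates {
		if PlainHash(c) == target {
			return c, true
		}
	}
	return "", false
}

func main() {
	// Constructed sample data for the example.
	key := []byte("server-side secret; load from a KMS in production")
	phone := "555-0142"
	candidates := []string{"555-0100", "555-0142", "555-0199"}

	leaked := PlainHash(phone)
	if p, ok := RecoverByEnumeration(leaked, candidates); ok {
		fmt.Printf("unkeyed hash recovered by enumeration: %s\n", p)
	}

	pseudo := Pseudonymize(key, phone)
	_, ok := RecoverByEnumeration(pseudo, candidates)
	fmt.Printf("keyed pseudonym recovered by enumeration: %v\n", ok)
	fmt.Printf("lookup with the correct value still works: %v\n", Matches(key, phone, pseudo))
}
```

If the pseudonyms must also be joinable across systems, every system needs the same key, which is a key-distribution problem to plan for; if they do not, use a different key per system so that a leak from one cannot be correlated with another.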
Tip #3: In Transit Vs. At Rest Encryption
There are two states in which data needs to be encrypted: in transit and at rest. Data in transit is moving data, whether sent by email, between an app and its backend, or through browsers and other web connections. Data at rest is stored in databases, the cloud, computer hard drives, or on mobile devices. Data in transit is protected by encrypting the connection itself, in practice TLS with proper certificate validation (mobile apps often add certificate pinning so that an installed rogue CA cannot intercept traffic); network controls and firewalls limit who can reach the service but do not hide the data from anyone who can see the traffic. Data at rest is protected by classifying data with protection in mind, encrypting whatever is sensitive with an authenticated cipher such as AES-GCM, and keeping the key out of the data store, for example in the Android Keystore or iOS Keychain rather than alongside the database or in the app's code.
Tip #4: Secret Vs. Public Key Algorithms
Secret-key (symmetric) algorithms use the same key for encryption and decryption, so both parties must already share that key. Public-key (asymmetric) algorithms use two different keys: the public key, which anyone may hold, encrypts, and the private key, which only the recipient holds, decrypts. Public-key algorithms are not "more secure"; they solve a different problem, letting two parties communicate without a pre-shared secret. They are far slower and can only encrypt small inputs (RSA cannot encrypt more than one modulus' worth of bytes), so in practice the two are combined: the public key encrypts a fresh symmetric data key, and the data key encrypts the actual payload.
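The following Go program is an added example, not code from the original post, that ties Tip #3 and Tip #4 together using only the standard library: authenticated at-rest encryption with AES-256-GCM, and the hybrid construction in which an RSA-OAEP public key wraps a fresh data key while AES-GCM encrypts the payload. The record, label and key sizes are constructed for the example; in a real app the symmetric key would come from the platform keystore rather than being generated in the process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// SealSymmetric encrypts plaintext under a 32-byte key with AES-256-GCM.
// A random 12-byte nonce is prepended to the output; GCM's tag covers the
// ciphertext and the associated data (aad), so any modification of either
// is rejected on decryption. The key belongs in the platform keystore.
func SealSymmetric(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenSymmetric reverses SealSymmetric and fails closed on tampering.
func OpenSymmetric(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// HybridMessage carries the data key wrapped with the recipient's RSA
// public key and the payload encrypted under that data key.
type HybridMessage struct {
	WrappedKey []byte
	Payload    []byte
}

// GenerateRecipientKey makes the recipient's RSA-2048 key pair.
func GenerateRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealHybrid: the public key only ever encrypts a fresh 32-byte data key
// (RSA-OAEP with SHA-256); the bulk payload goes through fast AES-GCM.
// RSA alone could neither handle a payload larger than the modulus nor
// do so at acceptable speed.
func SealHybrid(pub *rsa.PublicKey, plaintext, aad []byte) (*HybridMessage, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, aad)
	if err != nil {
		return nil, err
	}
	payload, err := SealSymmetric(dataKey, plaintext, aad)
	if err != nil {
		return nil, err
	}
	return &HybridMessage{WrappedKey: wrapped, Payload: payload}, nil
}

// OpenHybrid: only the private-key holder can unwrap the data key.
func OpenHybrid(priv *rsa.PrivateKey, msg *HybridMessage, aad []byte) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, aad)
	if err != nil {
		return nil, err
	}
	return OpenSymmetric(dataKey, msg.Payload, aad)
}

func main() {
	priv, err := GenerateRecipientKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record and context label for the example.
	record := []byte(`{"card_last4":"0142","user":"u-1001"}`)
	aad := []byte("payment-record-v1")

	msg, err := SealHybrid(&priv.PublicKey, record, aad)
	if err != nil {
		panic(err)
	}
	got, err := OpenHybrid(priv, msg, aad)
	fmt.Printf("round trip ok: %v (err=%v)\n", string(got) == string(record), err)

	// Flip one bit of the payload: GCM rejects it instead of returning garbage.
	msg.Payload[len(msg.Payload)-1] ^= 0x01
	_, err = OpenHybrid(priv, msg, aad)
	fmt.Printf("tampered payload rejected: %v\n", err != nil)
}
```

The associated data is a cheap way to bind a ciphertext to its context (a record type, a user id) so that a valid ciphertext copied from one row cannot be replayed into another. With random 96-bit nonces, rotate a key well before it has protected on the order of 2^32 messages; a keystore-held key per data category makes that rotation manageable.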
Tip #5: Blockchain Cryptography
We’ve covered the Blockchain in our past article on The Revolutionary Mechanics of the Blockchain. Blockchain cryptography has been on the rise: a blockchain uses cryptographic hashing and digital signatures to make a distributed ledger tamper-evident, and because the database is replicated across many nodes it is more resilient to a DoS attack against any single server. It is not, however, a way to encrypt app data. Anything written to a public chain is readable by every participant and cannot be removed later, so sensitive values must be encrypted before they are recorded, and the conflict with deleting data that is no longer needed (Tip #6) should be weighed before putting personal data on a chain at all.
Tip #6: Apps that Clean Up after Themselves
Apps that collect sensitive information don’t necessarily need to store it. Delete sensitive data from the device as soon as it is no longer in active use, clear it from in-memory buffers and logs, and remember that deleting a file on flash storage does not guarantee the bytes are gone. The reliable approach is to store the data encrypted and destroy the key when the data is retired, which makes whatever remains on disk unreadable.
Tip #7: Choose the Right Algorithm
Several well-studied algorithms are available for encrypting sensitive data in mobile apps; do not design your own. UpWork’s rundown covers the following, with a note here on where each fits:
- Advanced Encryption Standard (AES): the default symmetric cipher. Use an authenticated mode such as AES-GCM rather than ECB or unauthenticated CBC.
- RSA: public-key encryption and signatures. Use OAEP padding and keys of at least 2048 bits, and use it to wrap a symmetric data key rather than to encrypt the data itself.
- IDEA: a 64-bit block cipher from the early 1990s; legacy, and not a choice for new designs.
- Signal: a messaging protocol built from elliptic-curve Diffie-Hellman, AES and HMAC, not a single algorithm; relevant if the app does end-to-end messaging.
- Blowfish and Twofish: Blowfish has a 64-bit block and should be treated as legacy; Twofish was an AES finalist and is sound, but is rarely available in platform crypto libraries.
- Ring Learning With Errors (Ring-LWE): a lattice-based family of post-quantum schemes; adopt it through standardized, reviewed implementations rather than research code.
Over the last 10 years, enterprise-wide use of encryption has jumped by 22 percent according to the Ponemon Institute. When building a mobile app, investing in encrypting sensitive data pays off in the long run, and skipping it will come back to haunt those who short-change it.